Skip to main content
CVE-2024-11680 CRITICAL POC KEV PATCH THREAT Act Now

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass PHP Projectsend
NVD GitHub
CVSS 3.1
9.8
EPSS
91.6%
Threat
7.7
CVE-2024-33610 CRITICAL POC THREAT Act Now

"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
45.1%
CVE-2024-11745 HIGH POC This Week

A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac8 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-32965 HIGH POC PATCH THREAT This Week

Lobe Chat is an open-source, AI chat framework. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
CVSS 3.1
8.6
EPSS
23.7%
CVE-2024-33605 HIGH POC This Week

Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
6.2%
CVE-2024-11817 MEDIUM POC This Month

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11744 MEDIUM POC This Month

A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Portfolio Management System Mca
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-11743 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-53619 MEDIUM POC This Month

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Spip
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-50942 CRITICAL Act Now

qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-53673 CRITICAL Act Now

A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Java Insight Remote Support
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-49052 CRITICAL Act Now

Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Azure Functions
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-49035 CRITICAL KEV THREAT Act Now

An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Partner Center
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-11704 CRITICAL Act Now

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-11698 CRITICAL Act Now

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-50375 CRITICAL Act Now

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-50374 CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-50373 CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-50372 CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-50371 CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-50370 CRITICAL Act Now

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-11024 CRITICAL PATCH Act Now

The AppPresser - Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation WordPress Apppresser
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-49038 CRITICAL Act Now

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Copilot Studio
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2024-53365 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vehicle Parking Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-11742 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0.php?action=save_tenant. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11145 CRITICAL Act Now

Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla!. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Easy Folder Listing Pro
NVD GitHub
CVSS 4.0
9.3
EPSS
1.0%
CVE-2024-11678 MEDIUM POC This Month

A vulnerability was found in CodeAstro Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11677 MEDIUM POC This Month

A vulnerability was found in CodeAstro Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11676 MEDIUM POC This Month

A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11675 MEDIUM POC This Month

A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11674 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11705 CRITICAL Act Now

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-36248 CRITICAL Act Now

API keys for some cloud services are hardcoded in the "main" binary. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2024-35244 CRITICAL Act Now

There are several hidden accounts. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2024-28038 CRITICAL Act Now

The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
9.0
EPSS
2.6%
CVE-2024-8114 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-53620 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Spip
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-53555 HIGH This Week

A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-36463 HIGH This Week

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10471 MEDIUM POC This Month

The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Everest Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-10729 HIGH This Week

The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_google_calendar_data' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-52899 HIGH This Week

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE Data Virtualization Manager For Z Os
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-11700 HIGH This Week

Malicious websites may have been able to perform user intent confirmation through tapjacking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-53843 HIGH PATCH This Week

@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-52336 HIGH This Week

A script injection vulnerability was identified in the Tuned package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38831 HIGH This Week

VMware Aria Operations contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38830 HIGH This Week

VMware Aria Operations contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49053 HIGH This Week

Microsoft Dynamics 365 Sales Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Dynamics 365 Sales
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2024-53675 HIGH This Week

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Insight Remote Support
NVD
CVSS 3.1
7.5
EPSS
83.9%
CVE-2024-53674 HIGH This Week

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Insight Remote Support
NVD
CVSS 3.1
7.5
EPSS
47.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy