Skip to main content
CVE-2024-53604 CRITICAL POC Act Now

A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE SQLi Covid19 Testing Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-53676 CRITICAL POC THREAT Act Now

A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal HP Information Disclosure Insight Remote Support
NVD GitHub
CVSS 3.1
9.8
EPSS
51.3%
CVE-2024-7025 HIGH POC This Week

Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-53603 HIGH POC This Week

A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Covid19 Testing Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-5921 HIGH POC This Week

An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Paloalto Information Disclosure Globalprotect
NVD GitHub
CVSS 4.0
7.1
EPSS
1.5%
CVE-2024-11860 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11819 MEDIUM POC This Month

A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Portfolio Management System Mca
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11818 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-51228 MEDIUM POC This Month

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
6.8
EPSS
3.8%
CVE-2024-46054 CRITICAL Act Now

OpenVidReview 1.0 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Openvidreview
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-11667 CRITICAL KEV THREAT Act Now

A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Path Traversal Zld
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2024-41126 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2024-41125 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
CVE-2024-52959 CRITICAL Act Now

A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Iota C Ai
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-52958 CRITICAL Act Now

A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Iota C Ai
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2024-11820 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Crud Operation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-42330 CRITICAL Act Now

The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-53635 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Covid19 Testing Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-36467 HIGH This Week

An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zabbix
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-53860 HIGH PATCH This Week

sp-php-email-handler is a PHP package for handling contact form submissions. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-36468 HIGH This Week

The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Zabbix
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-52323 HIGH This Week

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-54003 HIGH PATCH This Week

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Simple Queue
NVD
CVSS 3.1
8.0
EPSS
79.7%
CVE-2024-31976 HIGH This Week

EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ews356 Fir Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52951 HIGH This Week

Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2024-53920 HIGH This Week

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Emacs
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-53859 HIGH PATCH This Week

go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Gh
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47181 HIGH PATCH This Week

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Contiki Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-11219 HIGH This Week

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Otter Blocks
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-53260 MEDIUM PATCH This Month

Autolab is a course management service that enables auto-graded programming assignments. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Autolab
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-53858 MEDIUM PATCH This Month

The gh cli is GitHub’s official command line tool. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-10895 MEDIUM This Month

The Counter Up - Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-21703 MEDIUM This Month

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. Rated medium severity (CVSS 6.4). No vendor patch available.

Atlassian Information Disclosure Microsoft Confluence Data Center Confluence Server
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-10175 MEDIUM This Month

The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-42328 MEDIUM This Month

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zabbix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-11025 MEDIUM This Month

An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10580 MEDIUM This Month

The Hustle - Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-11083 MEDIUM PATCH This Month

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Profilepress
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-53264 MEDIUM PATCH This Month

bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Google
NVD GitHub
CVSS 4.0
5.1
EPSS
0.8%
CVE-2024-11862 MEDIUM PATCH This Month

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-11009 MEDIUM This Month

The Internal Linking for SEO traffic & Ranking - Auto internal links (100% automatic) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-46055 MEDIUM This Month

OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Openvidreview
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-53849 MEDIUM This Month

editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD GitHub
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-42326 MEDIUM This Month

There was discovered a use after free bug in browser.c in the es_browser_get_variant function. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Zabbix
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-53855 MEDIUM PATCH This Month

Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Centurion Erp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-54004 MEDIUM PATCH This Month

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Filesystem List Parameter
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2024-10521 MEDIUM PATCH This Month

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wordpress Contact Forms
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-37816 MEDIUM This Month

Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2024-42332 LOW Monitor

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
3.7
EPSS
0.6%
CVE-2024-42331 LOW Monitor

In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Zabbix
NVD
CVSS 3.1
3.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy