Skip to main content
CVE-2024-53472 HIGH POC This Week

WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wegia
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-30962 HIGH POC This Week

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Robot Operating System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30961 HIGH POC This Week

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Robot Operating System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12234 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-12233 MEDIUM POC This Month

A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical.php of the component Profile Picture Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Online Notice Board
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-12231 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-12230 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaint Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-12229 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaint Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-12228 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaint Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-12188 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Library Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-12187 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Library Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-54679 MEDIUM POC PATCH This Month

CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Cyberpanel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-53471 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-53470 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-37863 CRITICAL Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37861 CRITICAL Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-53442 CRITICAL Act Now

whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-41579 CRITICAL Act Now

DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54001 MEDIUM POC This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kanboard
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-53457 MEDIUM POC PATCH THREAT This Month

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
42.5%
CVE-2024-54221 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking.6. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2024-12235 MEDIUM POC This Month

A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Agilebpm
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-12232 MEDIUM POC This Month

A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Crud Functionality
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6516 CRITICAL POC Act Now

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XSS Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-51555 CRITICAL Act Now

Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-51551 CRITICAL Act Now

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-51550 CRITICAL POC Act Now

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Code Injection Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.8%
CVE-2024-51549 CRITICAL Act Now

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-51545 CRITICAL Act Now

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-48845 CRITICAL POC Act Now

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Brute Force Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.8%
CVE-2024-48840 CRITICAL POC Act Now

Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Code Injection Abb RCE Aspect Ent 2 Firmware +18
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
2.1%
CVE-2024-48839 CRITICAL POC Act Now

Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Abb RCE Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
2.8%
CVE-2024-11317 CRITICAL Act Now

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Session Fixation Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-54130 CRITICAL Act Now

The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-54129 CRITICAL Act Now

The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-38920 CRITICAL Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-51554 HIGH This Week

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2024-51544 HIGH This Week

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
13.5%
CVE-2024-51543 HIGH This Week

Information Disclosure vulnerabilities allow access to application configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-51542 HIGH This Week

Configuration Download vulnerabilities allow access to dependency configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Path Traversal Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware +17
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-51541 HIGH This Week

Local File Inclusion vulnerabilities allow access to sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI Abb PHP Information Disclosure Aspect Ent 12 Firmware +18
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-48847 HIGH This Week

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-11429 HIGH This Week

The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews - Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress RCE LFI Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-12186 MEDIUM POC This Month

A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic.c of the component Available Room Handler. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hotel Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-12185 MEDIUM POC This Month

A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hotel Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-11148 HIGH PATCH This Week

In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Openbsd
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-6784 HIGH This Week

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-6515 HIGH This Week

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-51548 HIGH This Week

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb File Upload Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-51546 HIGH POC This Week

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
1.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy