Skip to main content
CVE-2023-32117 CRITICAL POC THREAT Emergency

Missing authorization in the Integrate Google Drive WordPress plugin (versions up to and including 1.1.99) lets unauthenticated remote attackers bypass access control checks to reach functionality that should be restricted. EPSS is exceptionally high at 88.16% (99th percentile), indicating strong exploitation likelihood, though no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Google Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
88.2%
Threat
6.1
CVE-2024-54934 CRITICAL POC Act Now

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54932 CRITICAL POC Act Now

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54931 CRITICAL POC Act Now

A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-54925 CRITICAL POC Act Now

A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-54924 CRITICAL POC Act Now

A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-54923 CRITICAL POC Act Now

A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-54921 CRITICAL POC Act Now

A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-54918 CRITICAL POC Act Now

Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-54920 CRITICAL POC Act Now

A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-40583 CRITICAL POC Act Now

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curovms
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-54926 HIGH POC This Week

A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-40582 HIGH POC This Week

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curovms
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-54151 HIGH POC PATCH This Week

Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-54938 HIGH POC This Week

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure E Learning Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-53450 HIGH POC This Week

RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Buffer Overflow Information Disclosure Ragflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-54928 HIGH POC This Week

kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-54927 HIGH POC This Week

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-54933 HIGH POC This Week

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-54930 HIGH POC This Week

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-54922 HIGH POC This Week

A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-54929 HIGH POC This Week

KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-12349 MEDIUM POC This Month

A vulnerability was found in JFinalCMS 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jfinalcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-53822 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium pie-register-premium.8.3.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-9651 MEDIUM POC This Month

The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-43222 CRITICAL Act Now

Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-8259 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-46455 CRITICAL PATCH Act Now

unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48956 CRITICAL Act Now

Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-55564 CRITICAL Act Now

The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-52599 MEDIUM POC PATCH This Month

Tuleap is an open source suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-54935 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Learning Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-54919 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Java E Learning Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-54936 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Learning Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-54215 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp Revy revy.18. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-54937 MEDIUM POC This Month

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure E Learning Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-12360 MEDIUM POC This Month

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Class And Exam Scheduling System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12359 MEDIUM POC This Month

A vulnerability was found in code-projects Admin Dashboard 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Admin Dashboard
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12358 MEDIUM POC This Month

A vulnerability was found in WeiYe-Jing datax-web 2.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Datax Web
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.9%
CVE-2024-12351 MEDIUM POC This Month

A vulnerability classified as critical has been found in JFinalCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Jfinalcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12350 MEDIUM POC This Month

A vulnerability was found in JFinalCMS 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Command Injection Jfinalcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.6%
CVE-2024-12348 MEDIUM POC This Month

A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jpress
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-53441 CRITICAL Act Now

An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-50628 HIGH This Week

An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Connectport Lts Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-50627 HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Information Disclosure File Upload Connectport Lts Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-50626 HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Connectport Lts Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-45760 HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Openmanage Server Administrator
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-55579 HIGH This Week

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-12355 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Phone Contact Manager System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-12354 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Phone Contact Manager System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.4%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy