Skip to main content
CVE-2024-54926 HIGH POC This Week

A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-40582 HIGH POC This Week

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curovms
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-54151 HIGH POC PATCH This Week

Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-54938 HIGH POC This Week

A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure E Learning Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-53450 HIGH POC This Week

RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Buffer Overflow Information Disclosure Ragflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-54928 HIGH POC This Week

kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-54927 HIGH POC This Week

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-54933 HIGH POC This Week

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-54930 HIGH POC This Week

Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-54922 HIGH POC This Week

A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-54929 HIGH POC This Week

KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-50628 HIGH This Week

An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Connectport Lts Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-50627 HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Information Disclosure File Upload Connectport Lts Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-50626 HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Connectport Lts Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-45760 HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Openmanage Server Administrator
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-55579 HIGH This Week

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-47698 HIGH This Week

Missing Authorization vulnerability in shohei.tanaka Japanized For WooCommerce woocommerce-for-japan allows Exploiting Incorrectly Configured Access Control Security Levels.6.4. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2024-54149 HIGH PATCH This Week

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass PHP Winter
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2023-49817 HIGH This Week

Missing Authorization vulnerability in heolixfy Flexible Woocommerce Checkout Field Editor flexible-woocommerce-checkout-field-editor allows Exploiting Incorrectly Configured Access Control Security. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-48286 HIGH This Week

Missing Authorization vulnerability in mra13 Stripe Payments stripe-payments allows Exploiting Incorrectly Configured Access Control Security Levels.0.79. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-51355 HIGH This Week

Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels.0.23. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-49856 HIGH This Week

Missing Authorization vulnerability in EDGARROJAS Smart Forms smart-forms allows Exploiting Incorrectly Configured Access Control Security Levels.6.84. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-45761 HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Dell Denial Of Service Openmanage Server Administrator
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-50625 HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Connectport Lts Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-54225 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codegearthemes Designer designer allows PHP Local File Inclusion.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-52586 HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11608 HIGH This Week

A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11454 HIGH This Week

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49600 HIGH This Week

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Dell Power Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-53790 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS lenxel-core allows PHP Local File Inclusion.3.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-25714 HIGH This Week

Missing Authorization vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Exploiting Incorrectly Configured Access Control Security Levels.7.25. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-53949 HIGH PATCH This Week

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 4.0
7.6
EPSS
0.7%
CVE-2023-22701 HIGH This Week

Missing Authorization vulnerability in motov.net Ebook Store ebook-store allows Exploiting Incorrectly Configured Access Control Security Levels.775. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49831 HIGH This Week

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-46547 HIGH This Week

A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-55580 HIGH This Week

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection RCE Microsoft
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-49158 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Binh Nguyen LadiApp ladipage allows Stored XSS.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-54219 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehp AIO Contact aio-contact.8.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-54220 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in roninwp FAT Services Booking fat-services-booking allows Stored XSS.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-54226 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in karlkiesinger Country Blocker country-blocker allows Stored XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy