Skip to main content
CVE-2024-53480 CRITICAL POC Act Now

Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Parlour Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-21542 MEDIUM POC PATCH THREAT This Month

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

Information Disclosure
NVD GitHub
CVSS 4.0
6.6
EPSS
13.2%
CVE-2024-50920 HIGH POC This Week

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Z Wave Software Development Kit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-55544 HIGH POC THREAT This Week

Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.01e and below. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iap 420 Firmware
NVD
CVSS 4.0
8.7
EPSS
11.7%
CVE-2024-55602 HIGH POC PATCH This Week

PwnDoc is a penetration test report generator. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Pwndoc
NVD GitHub
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-50699 HIGH POC This Week

TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Wr845n Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-51165 HIGH POC This Week

SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jepaas
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-11868 MEDIUM POC THREAT This Month

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Authentication Bypass PHP Information Disclosure WordPress Learnpress
NVD
CVSS 3.1
5.3
EPSS
11.0%
CVE-2024-55546 HIGH POC This Week

Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).01e and below. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Iap 420 Firmware
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-55545 HIGH POC This Week

Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).01e and below. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Iap 420 Firmware
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-55653 MEDIUM POC This Month

PwnDoc is a penetration test report generator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pwndoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-50928 MEDIUM POC This Month

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Z Wave Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-50924 MEDIUM POC This Month

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Z Wave Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-50921 MEDIUM POC This Month

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Z Wave Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-53481 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Beauty Parlour Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-50929 MEDIUM POC This Month

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Z Wave Software Development Kit
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-11107 MEDIUM POC This Month

The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS System Dashboard
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-53866 MEDIUM POC PATCH This Month

The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js RCE Pnpm
NVD GitHub
CVSS 4.0
5.8
EPSS
0.9%
CVE-2024-46442 CRITICAL Act Now

An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-46340 CRITICAL Act Now

TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure Tl Wr845n Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-11639 CRITICAL Act Now

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Cloud Services Appliance
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2024-45494 CRITICAL Act Now

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45493 CRITICAL Act Now

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-54751 CRITICAL Act Now

COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-55586 CRITICAL Act Now

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-47484 CRITICAL Act Now

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37143 CRITICAL Act Now

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dell Data Lakehouse Insightiq Powerflex Appliance Intelligent Catalog +2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-53552 CRITICAL Act Now

CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crushftp
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-55638 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Drupal
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-55637 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Drupal
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-55636 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Drupal
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-46657 MEDIUM POC PATCH This Month

Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Mupdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-54036 CRITICAL Act Now

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
9.3
EPSS
0.7%
CVE-2024-54034 CRITICAL Act Now

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
9.3
EPSS
0.7%
CVE-2024-54032 CRITICAL Act Now

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
9.3
EPSS
0.8%
CVE-2024-12286 CRITICAL Act Now

MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-55547 CRITICAL Act Now

SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection.01e. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Iap 420 Firmware
NVD
CVSS 4.0
9.3
EPSS
16.9%
CVE-2024-54152 CRITICAL PATCH Act Now

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 4.0
9.3
EPSS
2.3%
CVE-2024-47578 CRITICAL Act Now

Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-10708 MEDIUM POC This Month

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress System Dashboard
NVD WPScan
CVSS 3.1
4.9
EPSS
2.0%
CVE-2024-9844 HIGH This Week

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Connect Secure
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-55500 HIGH This Week

Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-50930 HIGH This Week

An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Z Wave Software Development Kit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-53247 HIGH This Week

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Splunk
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-52538 HIGH This Week

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-47977 HIGH This Week

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Avamar Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-54198 HIGH This Week

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure SAP
NVD
CVSS 3.1
8.5
EPSS
0.6%
CVE-2024-10496 HIGH This Week

An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Labview
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2024-10495 HIGH This Week

An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Labview
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2024-10494 HIGH This Week

An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Labview
NVD
CVSS 4.0
8.4
EPSS
0.2%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy