Skip to main content
CVE-2024-55875 CRITICAL POC PATCH GHSA Act Now

http4k is a functional toolkit for Kotlin HTTP applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF RCE XXE Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-54811 CRITICAL POC Act Now

A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Park Ticketing Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-54810 CRITICAL POC Act Now

A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Pre School Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-55099 CRITICAL POC Act Now

A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Nurse Hiring System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-54842 CRITICAL POC Act Now

A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Nurse Hiring System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-55879 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-55877 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-55662 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-11274 HIGH POC This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Open Redirect Kubernetes
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-49138 HIGH POC KEV PATCH THREAT This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
25.4%
CVE-2024-47541 HIGH POC PATCH This Week

An out-of-bounds write vulnerability exists in GStreamer's SSA subtitle parser (gstssaparse.c) that occurs when malformed SubStation Alpha style override codes contain a closing curly bracket before an opening bracket. This triggers progressively larger memory writes via memmove(), leading to memory corruption and denial of service. A public proof-of-concept exploit is available from GitHub Security Lab (GHSL-2024-228), though the EPSS score remains relatively low at 0.09% (25th percentile), indicating limited observed exploitation activity in the wild.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47542 HIGH POC PATCH This Week

A null pointer dereference vulnerability exists in the GStreamer multimedia framework's ID3v2 tag parsing functionality, specifically in the id3v2_read_synch_uint function. The vulnerability allows remote attackers to cause a Denial of Service (DoS) through a segmentation fault without requiring authentication or user interaction. A public proof-of-concept exploit is available from GitHub Security Lab (GHSL-2024-235), though EPSS scoring indicates only a 0.08% probability of active exploitation in the wild (23rd percentile).

Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8233 HIGH POC This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-10499 HIGH POC This Week

The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ai Engine
NVD WPScan
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-12497 MEDIUM POC This Month

A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Attendance Tracking Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-12484 MEDIUM POC This Month

A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Technical Discussion Forum
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-12570 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2024-9387 MEDIUM POC This Month

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-12483 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Ujcms
NVD GitHub VulDB Exploit-DB
CVSS 4.0
6.3
EPSS
3.5%
CVE-2024-54534 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-54498 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
8.8
EPSS
6.1%
CVE-2024-21574 CRITICAL Act Now

The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-44242 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44241 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Apple Ipados Iphone Os
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44299 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-42448 CRITICAL Act Now

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.0
9.9
EPSS
20.1%
CVE-2024-47540 CRITICAL PATCH Act Now

An uninitialized stack variable vulnerability in GStreamer's Matroska demuxer leads to function pointer hijacking when processing malformed media files with specific size conditions. The vulnerability affects GStreamer versions prior to 1.24.10 and allows remote attackers to achieve arbitrary code execution without authentication by crafting malicious Matroska/WebM files. With a critical CVSS score of 9.8 and being tagged as RCE, this represents a severe risk for applications using GStreamer for media processing.

RCE Gstreamer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-47606 CRITICAL PATCH Act Now

A critical integer underflow vulnerability in GStreamer's QuickTime demuxer (qtdemux) leads to memory corruption and arbitrary code execution when processing specially crafted media files. The vulnerability affects all GStreamer versions prior to 1.24.10, allowing remote attackers to execute arbitrary code without authentication by providing malicious media content. With a CVSS score of 9.8 and patches available, this represents a severe risk for applications using GStreamer for media processing.

RCE Debian Linux Gstreamer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-47539 CRITICAL PATCH Act Now

An out-of-bounds write vulnerability in GStreamer's isomp4/qtdemux.c allows remote attackers to overwrite up to 3 bytes beyond allocated memory boundaries when processing media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be exploited without authentication over the network, potentially leading to remote code execution. While no active exploitation has been reported (not in KEV), the vulnerability has a critical CVSS score of 9.8 and patches are available.

Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-47537 CRITICAL PATCH Act Now

An integer overflow vulnerability in GStreamer's QuickTime demuxer leads to out-of-bounds memory writes when processing malicious media files with crafted sample count values. The vulnerability affects all GStreamer versions prior to 1.24.10 and allows remote attackers to achieve arbitrary code execution without authentication by serving specially crafted media files. With a critical CVSS score of 9.8 and network-based attack vector, this presents a severe risk for applications using GStreamer for media processing.

Buffer Overflow Gstreamer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-47607 CRITICAL PATCH Act Now

A stack-based buffer overflow vulnerability exists in GStreamer's Opus audio decoder that allows remote attackers to execute arbitrary code by overwriting the instruction pointer (EIP) on the stack. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered when processing specially crafted Opus audio streams with more than 64 channels. While not currently listed in CISA KEV and with no public exploit code identified, the vulnerability has a critical CVSS score of 9.8 due to its remote exploitability without authentication.

Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-47538 CRITICAL PATCH Act Now

A stack buffer overflow vulnerability exists in GStreamer's Vorbis audio decoder that allows remote attackers to execute arbitrary code without authentication. The flaw occurs when processing malicious Vorbis audio files with more than 64 channels, leading to stack memory corruption and potential control over the instruction pointer (EIP). While not currently in CISA's Known Exploited Vulnerabilities catalog, the vulnerability has a critical CVSS score of 9.8 and patches are available.

Buffer Overflow Gstreamer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-47615 CRITICAL PATCH Act Now

A critical out-of-bounds write vulnerability exists in GStreamer's Vorbis parser that allows remote code execution by processing malicious media files. The flaw affects all GStreamer versions prior to 1.24.10 and enables attackers to overwrite up to 380 bytes of memory beyond array boundaries, potentially leading to arbitrary code execution without authentication. The vulnerability has been assigned a maximum CVSS score of 9.8, indicating critical severity with network-based exploitation possible.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-47613 CRITICAL PATCH Act Now

A null pointer dereference vulnerability exists in GStreamer's GdkPixbuf decoder that occurs when processing specially crafted media files, causing the application to crash with a segmentation fault. The vulnerability affects GStreamer versions prior to 1.24.10 and allows remote attackers to trigger a denial of service without authentication or user interaction. While rated CVSS 9.8, this appears to be primarily a DoS vulnerability despite the high confidentiality/integrity scores, with no evidence of active exploitation in the wild or inclusion in CISA's KEV catalog.

Denial Of Service Gstreamer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-49147 CRITICAL Act Now

Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Microsoft Update Catalog
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-10124 CRITICAL Act Now

The Vayu Blocks - Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE WordPress
NVD
CVSS 3.1
9.8
EPSS
31.2%
CVE-2024-11015 CRITICAL Act Now

The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Google
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-54506 CRITICAL Act Now

An out-of-bounds access issue was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple RCE macOS
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-54465 CRITICAL Act Now

A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-49112 CRITICAL Act Now

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
9.8
EPSS
70.9%
CVE-2024-11948 CRITICAL Act Now

GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Archiver
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-55876 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-8647 MEDIUM POC This Month

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Path Traversal CSRF
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-10637 MEDIUM POC This Month

The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gutenberg Blocks With Ai
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-12255 MEDIUM POC PATCH This Month

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Information Disclosure PHP Accept Stripe Payments Using Contact Form 7
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-12492 MEDIUM POC This Month

A vulnerability was found in code-projects Farmacia 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Farmacia
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-12490 MEDIUM POC This Month

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Class And Exam Scheduling System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-50339 CRITICAL Act Now

GLPI is a free asset and IT management software package. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 4.0
9.3
EPSS
19.6%
CVE-2024-12489 MEDIUM POC This Month

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Class And Exam Scheduling System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12488 MEDIUM POC This Month

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Class And Exam Scheduling System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy