Skip to main content
CVE-2024-12487 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Class And Exam Scheduling System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12486 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Class And Exam Scheduling System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12485 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Class And Exam Scheduling System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12482 MEDIUM POC This Month

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Java Wetech Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2024-12481 MEDIUM POC This Month

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Wetech Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-12480 MEDIUM POC This Month

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Wetech Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12479 MEDIUM POC This Month

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Wetech Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-21575 CRITICAL Act Now

ComfyUI-Impact-Pack is vulnerable to Path Traversal. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 4.0
9.2
EPSS
1.0%
CVE-2024-47600 CRITICAL PATCH Act Now

A buffer overflow vulnerability in GStreamer's media discovery component allows remote attackers to read sensitive stack memory and potentially crash applications. The flaw occurs when processing media files with more than 64 audio channels, causing the format_channel_mask function to read beyond array bounds. With a CVSS score of 9.1 and network-based attack vector requiring no authentication, this represents a critical risk for applications using GStreamer for media processing, though no active exploitation or public proof-of-concept has been reported.

Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47597 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability exists in GStreamer's MP4 demuxer that allows remote attackers to read up to 8 bytes beyond allocated memory boundaries when processing malformed MP4 files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication by serving a malicious MP4 file, potentially exposing sensitive memory contents or causing application crashes. A proof-of-concept file (GHSL-2024-245_crash1.mp4) has been publicly disclosed, and while not currently in CISA's KEV catalog, the vulnerability has a critical CVSS score of 9.1.

Information Disclosure Buffer Overflow Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47834 CRITICAL PATCH Act Now

A use-after-free vulnerability in GStreamer's Matroska demuxer allows remote attackers to cause denial of service or potentially disclose sensitive information by sending specially crafted Matroska media files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered without authentication when processing CodecPrivate elements in Matroska streams. No active exploitation has been reported (not in KEV), and no public proof-of-concept exists, though the network-accessible nature and low complexity make it a credible threat.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47777 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to read 4 bytes of memory beyond buffer boundaries when processing specially crafted WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can lead to information disclosure or application crashes when parsing malicious media files. While no active exploitation has been reported and the vulnerability is not listed in CISA's KEV catalog, the network-based attack vector and lack of authentication requirements make this a significant security concern for applications using GStreamer for media processing.

Information Disclosure Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47776 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to crash applications or potentially leak sensitive memory contents when processing maliciously crafted WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication through network-accessible media processing applications. While no active exploitation has been observed in the wild (not in KEV), the vulnerability has a high CVSS score of 9.1 and detailed technical analysis is publicly available.

Denial Of Service Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47775 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to crash applications or potentially leak sensitive memory contents when processing malformed WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication through network-accessible applications using the library. While no public exploits or KEV listings exist, the high CVSS score of 9.1 reflects the potential for both denial of service and information disclosure impacts.

Denial Of Service Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47598 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability exists in GStreamer's qtdemux component that allows reading 4 bytes beyond allocated memory boundaries when processing media files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be exploited remotely without authentication to potentially expose sensitive information or cause application crashes. With a CVSS score of 9.1 and network-based attack vector, this represents a significant risk for applications using GStreamer for media processing, though no active exploitation or public proof-of-concept has been reported.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47774 CRITICAL PATCH Act Now

A critical out-of-bounds read vulnerability exists in GStreamer's AVI subtitle parsing functionality, allowing remote attackers to read sensitive memory contents and potentially crash applications. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered when processing maliciously crafted AVI files with subtitle chunks. With a CVSS score of 9.1 and requiring no authentication or user interaction for exploitation, this represents a severe risk for applications using GStreamer for media processing.

Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-12503 MEDIUM POC This Month

A vulnerability classified as problematic was found in ClassCMS 4.8. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Classcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-53273 MEDIUM POC PATCH This Month

Habitica is an open-source habit-building program. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Habitica
NVD GitHub
CVSS 4.0
5.0
EPSS
0.4%
CVE-2024-53272 MEDIUM POC PATCH This Month

Habitica is an open-source habit-building program. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Habitica
NVD GitHub
CVSS 4.0
5.0
EPSS
0.4%
CVE-2024-55884 CRITICAL Act Now

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable(). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Google RCE Memory Corruption
NVD GitHub
CVSS 3.1
9.0
EPSS
1.3%
CVE-2024-54505 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9881 MEDIUM POC This Month

The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Learnpress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-9641 MEDIUM POC This Month

The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Luckywp Table Of Contents
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-9428 MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-12040 HIGH This Week

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress RCE LFI Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10518 MEDIUM POC This Month

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilepress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-10517 MEDIUM POC This Month

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilepress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-10010 MEDIUM POC This Month

The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Learnpress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-10590 HIGH This Week

The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Nginx File Upload
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-11689 HIGH This Week

The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress CSRF
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-11443 HIGH This Week

The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-55587 HIGH This Week

python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Python
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-49125 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-49117 HIGH This Week

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +3
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-49104 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-49102 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-49093 HIGH This Week

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 24h2 Windows Server 2025
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-49086 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-49085 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-49080 HIGH This Week

Windows IP Routing Management Snapin Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-12382 HIGH This Week

Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2024-12381 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-11950 HIGH This Week

XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Xnview
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-11949 HIGH This Week

GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Archiver
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-11947 HIGH This Week

GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Archiver
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10568 MEDIUM POC This Month

The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ajax Search
NVD WPScan
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-55659 HIGH PATCH This Week

SiYuan is a personal knowledge management system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal XSS Siyuan
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-55658 HIGH PATCH This Week

SiYuan is a personal knowledge management system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Siyuan
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-55657 HIGH PATCH This Week

SiYuan is a personal knowledge management system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Siyuan
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-54514 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
Prev Page 2 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy