Skip to main content
CVE-2024-54385 HIGH POC THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.0.83. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 83.7%.

SSRF
NVD
CVSS 3.1
7.2
EPSS
83.7%
Threat
5.5
CVE-2024-53376 HIGH POC THREAT This Week

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cyberpanel
NVD GitHub
CVSS 3.1
8.8
EPSS
11.0%
CVE-2024-52949 HIGH POC This Week

iptraf-ng 1.2.1 has a stack-based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Iptraf Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-55104 HIGH POC This Week

Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Nurse Hiring System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-55103 HIGH POC This Week

Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Nurse Hiring System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-54374 HIGH Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Sogrid sogrid allows PHP Local File Inclusion.5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.3% and no vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
16.3%
CVE-2024-54378 HIGH This Week

Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-54379 HIGH This Week

Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-54365 HIGH This Week

Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-54352 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-56013 HIGH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in wovax Wovax IDX wovax-idx allows Authentication Bypass.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-12687 HIGH This Week

Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Plextrac
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-55979 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robindkumar Wr Age Verification wr-age-verification allows SQL Injection.0.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-55986 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tiny13 Service service allows Blind SQL Injection.0.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-55973 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rnystrom TSB Occasion Editor tsb-occasion-editor allows SQL Injection.2.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-55987 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ritesh Sanap Advanced What should we write next about advanced-what-should-we-write-about-next. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-55974 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martí Batlles Martinez Mimoos devoluciones-packback allows SQL Injection.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-54359 HIGH This Week

Missing Authorization vulnerability in Saul Morales Pacheco Banner System banner-system allows Exploiting Incorrectly Configured Access Control Security Levels.0.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-12668 HIGH This Week

Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-6001 HIGH This Week

An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-12646 HIGH This Week

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-12643 HIGH This Week

The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-12642 HIGH This Week

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal CSRF Tenderdoctransfer
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-56083 HIGH This Week

Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-54376 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Spider Themes EazyDocs eazydocs allows PHP Local File Inclusion.8.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2024-37774 HIGH This Week

A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Dctrack
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-4762 HIGH This Week

An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-55989 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kyle M Brown WP Simple Pay Lite Manager stripe-manager allows SQL Injection.4. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-55990 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tsjippy Mollie for Contact Form 7 cf7-mollie allows Blind SQL Injection.0.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-54284 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro seedprod-coming-soon-pro-5 allows SQL Injection.18.13. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-54283 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro seedprod-coming-soon-pro-5 allows SQL Injection.18.13. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-54375 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Woolook woolook allows PHP Local File Inclusion.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-54279 HIGH This Week

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tobias Keller WP-NERD Toolkit wp-nerd-toolkit.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8058 HIGH This Week

An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-54373 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris Gardenberg EduAdmin Booking eduadmin-booking allows PHP Local File Inclusion.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-37775 HIGH This Week

Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dctrack
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-54380 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler wp-cookies-enabler allows PHP Local File Inclusion.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-10972 HIGH This Week

Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-54437 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in koolkatwebdesigns jCarousel jcarousel-for-wordpress allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-54424 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilya_compman Like in Vk.com like-on-vkontakte allows Stored XSS.com: from n/a through <= 0.5.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-54406 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moallemi Comments On Feed comments-on-feed allows Reflected XSS.2.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-54364 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spartac Feedpress Generator feedpress-generator allows Reflected XSS.2.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-54257 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed tydskrif tydskrif allows Reflected XSS.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-54249 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor advanced-options-editor allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-54403 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oktoberfive Visual Recent Posts visual-recent-posts allows Reflected XSS.2.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-54387 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaytesh Barange Posts Date Ranges posts-date-ranges allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-56015 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up tidy-up allows Reflected XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-54436 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in milordk Jet Footer Code jet-footer-code allows Stored XSS.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-54435 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Onlywire Multi Autosubmitter onlywire-multi-autosubmitter allows Stored XSS.2.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-54434 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in BenJemin phZoom phzoom allows Stored XSS.2.92. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy