Skip to main content
CVE-2024-55081 CRITICAL POC Act Now

An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XXE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-56159 HIGH POC PATCH This Week

Astro is a web framework for content-driven websites. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Astro
NVD GitHub
CVSS 4.0
7.8
EPSS
1.5%
CVE-2024-38819 HIGH POC PATCH THREAT This Week

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 3.1
7.5
EPSS
54.9%
CVE-2024-55082 HIGH POC This Week

{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-54790 HIGH POC This Week

A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi PHP RCE Pre School Enrollment System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-11740 HIGH POC This Week

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Download Manager
NVD
CVSS 3.1
7.3
EPSS
1.9%
CVE-2024-12792 MEDIUM POC This Month

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-12791 MEDIUM POC This Month

A vulnerability was found in Codezips E-Commerce Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-12788 MEDIUM POC This Month

A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Technical Discussion Forum
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-55603 MEDIUM POC PATCH This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Docker Kanboard
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-53991 MEDIUM POC THREAT This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Nginx Discourse
NVD GitHub
CVSS 3.1
5.9
EPSS
25.4%
CVE-2024-10244 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-54984 CRITICAL Act Now

An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54983 CRITICAL Act Now

An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-12728 CRITICAL PATCH Act Now

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sophos Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-12727 CRITICAL PATCH Act Now

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi RCE Sophos Microsoft Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-12626 CRITICAL Act Now

The AutomatorWP - Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress XSS
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-11984 CRITICAL Act Now

A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
9.4
EPSS
0.7%
CVE-2024-12794 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12790 MEDIUM POC This Month

A vulnerability was found in code-projects Hostel Management Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hostel Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12785 MEDIUM POC This Month

A vulnerability was found in itsourcecode Vehicle Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Vehicle Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12784 MEDIUM POC This Month

A vulnerability was found in itsourcecode Vehicle Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Vehicle Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12783 MEDIUM POC This Month

A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Vehicle Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-49765 CRITICAL Act Now

Discourse is an open source platform for community discussion. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-12729 HIGH PATCH This Week

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection RCE Sophos Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-25131 HIGH PATCH This Week

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-12700 HIGH This Week

There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-54150 HIGH This Week

cjwt is a C JSON Web Token (JWT) Implementation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-56200 HIGH This Week

Altair is a fork of Misskey v12. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-9154 HIGH This Week

A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device.8s0 (#2633). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-12672 HIGH This Week

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-12175 HIGH This Week

Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Use After Free Memory Corruption RCE Denial Of Service +1
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-11364 HIGH This Week

Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Arena
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-11157 HIGH This Week

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-12786 HIGH This Week

A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Adobe Information Disclosure
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-12111 HIGH This Week

In a specific scenario a LDAP user can abuse the authentication process using injection attack in OpenText Privileged Access Manager that allows authentication bypass.3(4.4); 24.3(4.5). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Command Injection
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-4230 HIGH This Week

External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4229 HIGH This Week

Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Information Disclosure Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35141 HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM Security Verify Access Docker
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-56327 HIGH PATCH This Week

pyrage is a set of Python bindings for the rage file encryption library (age in Rust). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Python RCE
NVD GitHub
CVSS 4.0
7.7
EPSS
0.5%
CVE-2024-54663 HIGH This Week

An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-55196 HIGH This Week

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-51532 HIGH This Week

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Powerstoreos
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-12787 MEDIUM This Month

A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Attendance Tracking Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-12782 MEDIUM This Month

A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-37962 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7139 MEDIUM This Month

Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7138 MEDIUM This Month

An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7137 MEDIUM This Month

The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-45818 MEDIUM PATCH This Month

The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Xen
NVD
CVSS 3.1
6.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy