Skip to main content
CVE-2024-55509 CRITICAL POC Act Now

SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Complaint Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-12844 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Emlog
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-12843 MEDIUM POC This Month

A vulnerability was found in Emlog Pro up to 2.4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Emlog
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-12842 MEDIUM POC This Month

A vulnerability was found in Emlog Pro up to 2.4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Emlog
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-12841 MEDIUM POC This Month

A vulnerability was found in Emlog Pro up to 2.4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Emlog
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-56331 MEDIUM POC PATCH This Month

Uptime Kuma is an open source, self-hosted monitoring tool. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD GitHub
CVSS 3.1
6.8
EPSS
1.8%
CVE-2024-56337 CRITICAL PATCH Act Now

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Java Information Disclosure Bootstrap Os
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2024-12571 CRITICAL Act Now

The Store Locator for WordPress with Google Maps - LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google PHP WordPress RCE LFI +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-7726 MEDIUM POC This Month

There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Cm6 Firmware Pm7 Firmware Pm6 Firmware
NVD GitHub
CVSS 4.0
5.7
EPSS
0.4%
CVE-2024-11297 MEDIUM POC This Month

The Page Restriction WordPress (WP) - Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Page Restriction
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-56333 CRITICAL Act Now

Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Code Injection RCE Denial Of Service
NVD GitHub
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-11108 MEDIUM POC This Month

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Serious Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-12845 MEDIUM POC This Month

A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Emlog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-56330 CRITICAL Act Now

Stardust is a platform for streaming isolated desktop containers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-51466 CRITICAL PATCH Act Now

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

IBM Denial Of Service Cognos Analytics
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-56329 HIGH PATCH This Week

Socialstream is a third-party package for Laravel Jetstream. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.9
EPSS
0.5%
CVE-2024-12867 HIGH This Week

Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2024-37758 HIGH This Week

Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-56351 HIGH This Week

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28767 HIGH This Week

IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Directory Integrator
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-10706 MEDIUM POC This Month

The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Download Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-10555 MEDIUM POC This Month

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Maxbuttons
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-12829 HIGH This Week

Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ng Firewall
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-55341 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piranha Cms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-55342 MEDIUM POC This Month

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Piranha Cms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-8968 MEDIUM POC This Month

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Maxbuttons
NVD WPScan
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-10385 HIGH This Week

Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-12677 HIGH This Week

Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-40695 HIGH PATCH This Week

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Cognos Analytics
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-54538 HIGH This Week

A denial-of-service issue was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-56334 HIGH PATCH This Week

systeminformation is a System and OS information library for node.js. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Code Injection RCE Node.js
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-12831 HIGH This Week

Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Ng Firewall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-56335 HIGH This Week

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Vaultwarden
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-55470 HIGH This Week

Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-44195 HIGH This Week

A logic issue was addressed with improved validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Path Traversal macOS
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-12830 HIGH This Week

Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ng Firewall
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2024-56356 HIGH This Week

In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Teamcity
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-21549 MEDIUM PATCH This Month

Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass
NVD GitHub
CVSS 4.0
6.6
EPSS
0.0%
CVE-2024-55471 MEDIUM This Month

Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-56353 MEDIUM This Month

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-12678 MEDIUM PATCH This Month

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nomad
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-12506 MEDIUM This Month

The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11776 MEDIUM This Month

The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.22 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-11784 MEDIUM This Month

The Sell Tickets Online - TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-11774 MEDIUM This Month

The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-11411 MEDIUM This Month

The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.11 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-11893 MEDIUM This Month

The Spoki - Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-9619 MEDIUM This Month

The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-12509 MEDIUM This Month

The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-11878 MEDIUM This Month

The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy