Skip to main content
CVE-2024-10044 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Fastchat
NVD
CVSS 3.0
9.3
EPSS
0.5%
CVE-2024-56734 HIGH POC PATCH This Week

Better Auth is an authentication library for TypeScript. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Better Auth
NVD GitHub
CVSS 4.0
7.9
EPSS
0.4%
CVE-2024-13038 MEDIUM POC This Month

A vulnerability was found in CodeAstro Simple Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Loan Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-56799 CRITICAL Act Now

Simofa is a tool to help automate static website building and deployment. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2024-47926 CRITICAL Act Now

Tecnick TCExam - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-47919 CRITICAL Act Now

Tiki Wiki CMS - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-13042 MEDIUM POC This Month

A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-13039 MEDIUM POC This Month

A vulnerability was found in code-projects Simple Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-13037 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Attendance Tracking Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-13029 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF White Jotter
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13032 MEDIUM POC This Month

A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF White Jotter
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-13031 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS White Jotter
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-22063 CRITICAL Act Now

The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Zenic One R58
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2024-11944 HIGH This Week

iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Truenas Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-12828 HIGH PATCH This Week

Webmin CGI Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Webmin
NVD GitHub
CVSS 3.1
8.8
EPSS
32.0%
CVE-2024-47921 HIGH This Week

Smadar SPS - CWE-327: Use of a Broken or Risky Cryptographic Algorithm. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-50703 HIGH PATCH This Week

TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-13051 HIGH This Week

Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Graphite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-13050 HIGH This Week

Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Graphite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-13049 HIGH This Week

Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Cobalt
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-13048 HIGH This Week

Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Cobalt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-13047 HIGH This Week

Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Cobalt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-13046 HIGH This Week

Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Cobalt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-13045 HIGH This Week

Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Cobalt
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-13044 HIGH This Week

Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Cobalt
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-13043 HIGH This Week

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Panda Dome
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12752 HIGH This Week

Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2024-12751 HIGH This Week

Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2024-12836 HIGH This Week

Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Drasimucad
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2024-12835 HIGH This Week

Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Drasimucad
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2024-12834 HIGH This Week

Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Drasimucad
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2024-47925 HIGH This Week

Tecnick TCExam - Multiple CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47924 HIGH This Week

Boa web server - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47922 HIGH This Week

Priority - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47920 HIGH This Week

Tiki Wiki CMS - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47917 HIGH This Week

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-56800 HIGH This Week

Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-12753 HIGH This Week

Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-54181 HIGH This Week

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Command Injection Websphere Automation
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-56801 MEDIUM PATCH This Month

Tasklists provides plugin tasklists for GLPI. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Tasklists
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-56516 MEDIUM This Month

free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-13030 MEDIUM This Month

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dir 823G Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.9%
CVE-2024-11946 MEDIUM This Month

iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Truenas Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-46542 MEDIUM This Month

Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-47918 MEDIUM This Month

Tiki Wiki CMS - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Command Injection
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-56733 MEDIUM This Month

Password Pusher is an open source application to communicate sensitive information over the web. Rated medium severity (CVSS 5.7). No vendor patch available.

Authentication Bypass XSS Session Fixation
NVD GitHub
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-12754 MEDIUM This Month

AnyDesk Link Following Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Anydesk
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2024-56517 MEDIUM This Month

LGSL (Live Game Server List) provides online status lists for online video games. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-50702 MEDIUM PATCH This Month

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-47923 MEDIUM This Month

Mashov - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy