Skip to main content
CVE-2024-54996 HIGH POC This Week

MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-9188 HIGH This Month

Specially constructed queries cause cross platform scripting leaking administrator tokens. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ng Firewall
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9134 HIGH POC This Week

Multiple SQL Injection vulnerabilities exist in the reporting application. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ng Firewall
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2024-9132 HIGH This Month

The administrator is able to configure an insecure captive portal script. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Ng Firewall
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-9131 HIGH This Month

A user with administrator privileges can perform command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ng Firewall
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-47520 HIGH This Month

A user with advanced report application access rights can perform actions for which they are not authorized. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ng Firewall
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-47519 HIGH This Month

Backup uploads to ETM subject to man-in-the-middle interception. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ng Firewall
NVD
CVSS 3.1
8.3
EPSS
0.1%
CVE-2024-6662 HIGH This Month

Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-57228 HIGH POC This Week

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-57227 HIGH POC This Week

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-57226 HIGH POC This Week

Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E7350 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-57211 HIGH POC This Week

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-54848 HIGH POC This Month

Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cp Vnr 3104 Firmware
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2025-22598 HIGH POC This Week

WeGIA is a web manager for charitable institutions. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2025-22597 HIGH POC This Week

WeGIA is a web manager for charitable institutions. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wegia
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-46210 HIGH This Month

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-25371 HIGH POC This Month

Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to mismatching SW signals vs HW exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy