Skip to main content
CVE-2024-56901 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-56898 HIGH POC This Week

Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD Exploit-DB GitHub
CVSS 3.1
8.8
EPSS
6.9%
CVE-2024-44449 MEDIUM This Month

Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2025-25181 MEDIUM POC KEV THREAT Act Now

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

SQLi Veracore
NVD
CVSS 3.1
5.8
EPSS
72.1%
CVE-2025-25065 MEDIUM This Month

SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Zimbra Collaboration Suite
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-25064 HIGH This Week

Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 contain a SQL injection in the ZimbraSync Service SOAP endpoint. Authenticated attackers can manipulate a sync parameter to inject arbitrary SQL, extracting email contents, credentials, and mailbox data from the Zimbra database.

SQLi Zimbra Collaboration Suite
NVD
CVSS 3.1
8.8
EPSS
48.3%
CVE-2025-22978 CRITICAL POC Act Now

eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Eladmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-57968 CRITICAL POC KEV THREAT Act Now

Advantive VeraCore warehouse management system allows authenticated users to upload files to unintended directories, enabling web shell deployment through the upload.aspx endpoint.

File Upload Veracore
NVD
CVSS 3.1
9.9
EPSS
44.2%
CVE-2024-57669 HIGH This Month

Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-57498 MEDIUM POC Monitor

Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Forestblog
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-57452 HIGH POC This Month

ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Chestnutcms
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57450 CRITICAL POC Act Now

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chestnutcms
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-57099 CRITICAL POC Act Now

ClassCMS v4.8 has a code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Classcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-57098 CRITICAL POC Act Now

Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Moss
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-57097 MEDIUM POC Monitor

ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Classcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2024-56946 MEDIUM PATCH This Month

Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Dnsserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-56921 HIGH POC PATCH This Month

An issue was discovered in Open5gs v2.7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Open5gs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-12859 HIGH This Month

The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP LFI Information Disclosure RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-12511 HIGH This Month

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-11134 MEDIUM Monitor

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Eventer
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-57238 HIGH This Month

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-57237 MEDIUM This Month

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-57004 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmail Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
3.1%
CVE-2024-50656 MEDIUM POC This Month

itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Placement Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-12510 MEDIUM This Month

If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-24898 MEDIUM PATCH This Month

rust-openssl is a set of OpenSSL bindings for the Rust programming language. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Memory Corruption Use After Free Denial Of Service Red Hat +1
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-57967 MEDIUM Monitor

PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Hashicorp Information Disclosure
NVD
CVSS 3.1
4.2
EPSS
0.2%

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-57175 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Birth Certificate System
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-56161 HIGH This Month

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and. Rated high severity (CVSS 7.2). No vendor patch available.

Amd Information Disclosure Jwt Attack Red Hat Suse
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-54840 MEDIUM Monitor

PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Hashicorp Code Injection Privileged Access Manager
NVD GitHub
CVSS 3.1
4.2
EPSS
0.0%
CVE-2024-53943 MEDIUM This Month

An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-53942 MEDIUM Monitor

An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 10.4% and no vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
4.8
EPSS
10.4%
CVE-2024-36437 MEDIUM This Month

The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-55456 MEDIUM POC This Week

lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lunasvg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-49843 HIGH PATCH This Month

Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6200 Firmware Fastconnect 7800 Firmware Qca6391 Firmware Qcm6125 Firmware +47
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49840 HIGH This Month

Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcc2073 Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49839 HIGH PATCH This Month

Memory corruption during management frame processing due to mismatch in T2LM info element. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +181
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-49838 HIGH PATCH This Month

Information disclosure while parsing the OCI IE with invalid length. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +162
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-49837 HIGH This Month

Memory corruption while reading CPU state data during guest VM suspend. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49834 HIGH PATCH This Month

Memory corruption while power-up or power-down sequence of the camera sensor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +118
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49833 HIGH PATCH This Month

Memory corruption can occur in the camera when an invalid CID is used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qam8255p Firmware +74
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49832 HIGH PATCH This Month

Memory corruption in Camera due to unusually high number of nodes passed to AXI port. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcs6490 Firmware Video Collaboration Vc3 Platform Firmware +21
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45584 HIGH PATCH This Month

Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +118
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45582 HIGH PATCH This Month

Memory corruption while validating number of devices in Camera kernel . Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm8550 Firmware Qcs6490 Firmware +29
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45573 HIGH This Month

Memory corruption may occour while generating test pattern due to negative indexing of display ID. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +21
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45571 HIGH PATCH This Month

Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Memory Corruption Use After Free Ar8035 Firmware Csr8811 Firmware +148
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45569 CRITICAL PATCH This Week

Memory corruption while parsing the ML IE due to invalid frame content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +169
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-45561 HIGH This Month

Memory corruption while handling IOCTL call from user-space to set latency level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +28
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45560 HIGH This Month

Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +33
NVD
CVSS 3.1
7.8
EPSS
0.1%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy