BwithE

4 exploits Active since Aug 2024
CVE-2024-9796 NOMISEC CRITICAL WORKING POC
WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection via t Parameter
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
1 stars
CVSS 9.8
CVE-2024-48061 NOMISEC CRITICAL WORKING POC
langflow <=1.0.18 - Remote Code Execution via Unsafe Component Code Execution
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox.
CVSS 9.8
CVE-2024-51482 NOMISEC CRITICAL WORKING POC
ZoneMinder <1.37.64 - SQL Injection
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
CVSS 9.9
CVE-2024-40453 NOMISEC CRITICAL WORKING POC
squirrellyjs <9.0.0 - Code Injection
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.
CVSS 9.8