17 CVEs tracked today. 1 Critical, 3 High, 8 Medium, 5 Low.
-
CVE-2024-21623
CRITICAL
CVSS 9.8
OTClient is an alternative Tibia client for otserv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.
Information Disclosure
Otclient
-
CVE-2024-21632
HIGH
CVSS 8.6
omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.
Authentication Bypass
Microsoft
Omniauth
-
CVE-2024-21627
HIGH
CVSS 8.1
PrestaShop is an open-source e-commerce platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable with low attack complexity.
XSS
Prestashop
-
CVE-2024-0193
HIGH
CVSS 7.8
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. This use-after-free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Linux
Memory Corruption
Privilege Escalation
Use After Free
Linux Kernel
-
CVE-2024-21629
MEDIUM
CVSS 5.9
Rust EVM is an Ethereum Virtual Machine interpreter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable and requires no authentication.
Information Disclosure
Evm
-
CVE-2024-21628
MEDIUM
CVSS 5.4
PrestaShop is an open-source e-commerce platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
XSS
Prestashop
-
CVE-2024-0196
MEDIUM
CVSS 6.3
A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
RCE
Code Injection
Magic Api
-
CVE-2024-0195
MEDIUM
CVSS 6.3
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available, and the EPSS exploitation probability is 92.0%.
Java
RCE
Code Injection
Spider Flow
-
CVE-2024-0194
MEDIUM
CVSS 6.3
A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0.php of the component Profile Picture Handler. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
File Upload
PHP
Internet Banking System
-
CVE-2024-0192
MEDIUM
CVSS 6.3
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
File Upload
PHP
Rrj Nueva Ecija Engineer Online Portal
-
CVE-2024-0191
MEDIUM
CVSS 5.3
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.
Information Disclosure
Rrj Nueva Ecija Engineer Online Portal
-
CVE-2024-0185
MEDIUM
CVSS 4.7
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
File Upload
PHP
Rrj Nueva Ecija Engineer Online Portal
-
CVE-2024-0190
LOW
CVSS 3.5
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic.php of the component Quiz Handler. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
XSS
PHP
Rrj Nueva Ecija Engineer Online Portal
-
CVE-2024-0189
LOW
CVSS 3.5
A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
XSS
PHP
Rrj Nueva Ecija Engineer Online Portal
-
CVE-2024-0188
LOW
CVSS 3.1
A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code is available and no vendor patch is available.
PHP
Brute Force
Information Disclosure
Rrj Nueva Ecija Engineer Online Portal
-
CVE-2024-0186
LOW
CVSS 3.7
A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable and requires no authentication. No vendor patch is available.
Information Disclosure
Huiran Host Reseller System
-
CVE-2024-0184
LOW
CVSS 2.4
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
XSS
PHP
Rrj Nueva Ecija Engineer Online Portal