12 CVEs tracked today. 4 Critical, 5 High, 3 Medium, 0 Low.
-
CVE-2024-22088
CRITICAL
CVSS 9.8
Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Use After Free
Memory Corruption
Lotos WebServer
-
CVE-2024-22087
CRITICAL
CVSS 9.8
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.
RCE
Buffer Overflow
Memory Corruption
Pico HTTP Server in C
-
CVE-2024-22086
CRITICAL
CVSS 9.8
handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RCE
Buffer Overflow
Memory Corruption
Cherry
-
CVE-2022-46839
CRITICAL
CVSS 10.0
Unrestricted file upload in JS Help Desk WordPress plugin. CVSS 10.0.
File Upload
-
CVE-2024-21642
HIGH
CVSS 7.5
D-Tale is a visualizer for Pandas data structures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
SSRF
D-Tale
-
CVE-2024-0247
HIGH
CVSS 7.3
A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
-
CVE-2023-52150
HIGH
CVSS 8.8
CSRF in Dynamic Content for Elementor plugin before 2.12.5.
CSRF
-
CVE-2023-52143
HIGH
CVSS 7.5
Information exposure in WP Stripe Checkout plugin through 1.2.2.37.
Information Disclosure
-
CVE-2023-51502
HIGH
CVSS 7.5
Authorization bypass via user-controlled key in WooCommerce Stripe Payment Gateway plugin.
WordPress
Authentication Bypass
-
CVE-2024-22075
MEDIUM
CVSS 6.1
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Firefly III
-
CVE-2024-21641
MEDIUM
CVSS 6.5
Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 32.8%.
Open Redirect
Flarum
-
CVE-2024-0246
MEDIUM
CVSS 4.3
A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
IceWarp