82 CVEs tracked today. 3 Critical, 35 High, 36 Medium, 7 Low.
-
CVE-2024-21663
CRITICAL
CVSS 9.9
Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
RCE
Discord Recon
-
CVE-2024-21646
CRITICAL
CVSS 9.8
Azure uAMQP is a general purpose C library for AMQP 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
Microsoft
RCE
Code Injection
Azure Uamqp
-
CVE-2024-0057
CRITICAL
CVSS 9.1
.NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Authentication Bypass
Powershell
Visual Studio 2022
Net Framework
Net
-
CVE-2024-22125
HIGH
CVSS 7.4
Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft
Sap
Information Disclosure
Gui Connector
-
CVE-2024-21737
HIGH
CVSS 8.4
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.
Sap
RCE
Code Injection
Application Interface Framework
-
CVE-2024-21735
HIGH
CVSS 7.3
SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. Rated high severity (CVSS 7.3). No vendor patch available.
Authentication Bypass
Sap
Lt Replication Server
-
CVE-2024-21651
HIGH
CVSS 7.5
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Xwiki
-
CVE-2024-21648
HIGH
CVSS 8.0
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.
Information Disclosure
Xwiki
-
CVE-2024-21325
HIGH
CVSS 7.8
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Microsoft
RCE
Printer Metadata Troubleshooter Tool
-
CVE-2024-21318
HIGH
CVSS 8.8
Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
Deserialization
Microsoft
RCE
Sharepoint Server
-
CVE-2024-21312
HIGH
CVSS 7.5
.NET Framework Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Denial Of Service
Net Framework
-
CVE-2024-21310
HIGH
CVSS 7.8
Critical vulnerability in NETGEAR ProSAFE NMS300 network management system.
Microsoft
Information Disclosure
Windows 10 1809
Windows 10 21h2
Windows 10 22h2
-
CVE-2024-21309
HIGH
CVSS 7.8
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Integer Overflow
Microsoft
Information Disclosure
Windows 11 21H2
Windows 11 22h2
-
CVE-2024-21307
HIGH
CVSS 7.5
Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
RCE
Use After Free
Windows 10 1507
Windows 10 1607
-
CVE-2024-20700
HIGH
CVSS 7.5
Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.
Microsoft
Race Condition
RCE
Windows 10 1809
Windows 10 21h2
-
CVE-2024-20698
HIGH
CVSS 7.8
Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. EPSS exploitation probability 21.7%.
Integer Overflow
Microsoft
Information Disclosure
Windows 10 1809
Windows 10 21h2
-
CVE-2024-20697
HIGH
CVSS 7.3
Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. EPSS exploitation probability 49.4%.
Buffer Overflow
RCE
Heap Overflow
Microsoft
Windows 11 22h2
-
CVE-2024-20696
HIGH
CVSS 7.3
Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
Buffer Overflow
RCE
Heap Overflow
Microsoft
Windows 10 1809
-
CVE-2024-20687
HIGH
CVSS 7.5
Microsoft AllJoyn API Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Information Disclosure
Denial Of Service
Microsoft
Windows 10 1507
-
CVE-2024-20686
HIGH
CVSS 7.8
Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information Disclosure
Windows Server 2022 23h2
Microsoft
-
CVE-2024-20683
HIGH
CVSS 7.8
Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Windows 10 1507
Windows 10 1607
-
CVE-2024-20682
HIGH
CVSS 7.8
Windows Cryptographic Services Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Microsoft
RCE
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2024-20681
HIGH
CVSS 7.8
Windows Subsystem for Linux Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Microsoft
Windows 10 21h2
-
CVE-2024-20677
HIGH
CVSS 7.8
A security vulnerability exists in FBX that could lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Buffer Overflow
RCE
Heap Overflow
Microsoft
365 Apps
-
CVE-2024-20676
HIGH
CVSS 8.0
Unauthenticated RCE in NETGEAR ProSAFE NMS300 before 1.7.0.31.
Microsoft
Command Injection
RCE
Azure Storage Mover
-
CVE-2024-20674
HIGH
CVSS 8.8
Windows Kerberos Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 16.0%.
Microsoft
Authentication Bypass
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2024-20672
HIGH
CVSS 7.5
Multiple vulnerabilities in TRENDnet TEW-827DRU router including command injection and insecure passwords. PoC available.
Denial Of Service
Net
-
CVE-2024-20661
HIGH
CVSS 7.5
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2024-20658
HIGH
CVSS 7.8
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Information Disclosure
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2024-20657
HIGH
CVSS 7.0
Windows Group Policy Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Authentication Bypass
Microsoft
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2024-20656
HIGH
CVSS 7.8
Visual Studio contains an elevation of privilege vulnerability that allows local attackers to escalate privileges through symlink exploitation. Successful exploitation grants elevated permissions on the development workstation, potentially compromising the software supply chain.
Information Disclosure
Visual Studio
Visual Studio 2017
Visual Studio 2019
Visual Studio 2022
-
CVE-2024-20654
HIGH
CVSS 8.0
Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Integer Overflow
Microsoft
RCE
Windows 10 1507
Windows 10 1607
-
CVE-2024-20653
HIGH
CVSS 7.8
Microsoft Common Log File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Information Disclosure
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2024-20652
HIGH
CVSS 8.1
Windows HTML Platforms Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
Microsoft
Authentication Bypass
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2024-0352
HIGH
CVSS 7.3
Likeshop e-commerce platform through version 2.5.7.20210311 contains a critical unrestricted file upload vulnerability in the FileServer::userFormImage function. Unauthenticated attackers can upload PHP webshells via crafted HTTP POST requests, achieving remote code execution on the server.
File Upload
PHP
Likeshop
-
CVE-2024-0213
HIGH
CVSS 8.2
A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Buffer Overflow
Apple
Denial Of Service
Agent
macOS
-
CVE-2024-0206
HIGH
CVSS 7.1
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Anti Malware Engine
-
CVE-2024-0056
HIGH
CVSS 8.7
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required.
Microsoft
Authentication Bypass
Microsoft Data Sqlclient
Sql Server
System Data Sqlclient
-
CVE-2024-22370
MEDIUM
CVSS 4.6
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Youtrack
-
CVE-2024-22368
MEDIUM
CVSS 5.5
The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Spreadsheet
-
CVE-2024-22165
MEDIUM
CVSS 6.5
In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Enterprise Security
-
CVE-2024-22164
MEDIUM
CVSS 4.3
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Enterprise Security
-
CVE-2024-22124
MEDIUM
CVSS 4.1
Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22,. Rated medium severity (CVSS 4.1). No vendor patch available.
Sap
Information Disclosure
Netweaver
-
CVE-2024-21738
MEDIUM
CVSS 4.1
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Sap
Netweaver Application Server Abap
-
CVE-2024-21736
MEDIUM
CVSS 6.4
SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Sap
S 4Hana Finance
-
CVE-2024-21668
MEDIUM
CVSS 4.4
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
Information Disclosure
Apple
Google
React Native Mmkv
Android
-
CVE-2024-21664
MEDIUM
CVSS 4.3
jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Denial Of Service
Null Pointer Dereference
Jwx
-
CVE-2024-21320
MEDIUM
CVSS 6.5
Windows Themes Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.6%.
Microsoft
Information Disclosure
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2024-21319
MEDIUM
CVSS 6.8
Microsoft Identity Denial of service vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.
Microsoft
Denial Of Service
Net
Identity Model
Visual Studio 2022
-
CVE-2024-21316
MEDIUM
CVSS 6.1
Windows Server Key Distribution Service Security Feature Bypass. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity.
Microsoft
Authentication Bypass
Windows 10 1607
Windows 10 1809
Windows 10 21h2
-
CVE-2024-21314
MEDIUM
CVSS 6.5
Microsoft Message Queuing Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Information Disclosure
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2024-21313
MEDIUM
CVSS 5.3
Windows TCP/IP Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.
Microsoft
Information Disclosure
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2024-21311
MEDIUM
CVSS 5.5
Windows Cryptographic Services Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Information Disclosure
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2024-21306
MEDIUM
CVSS 5.7
Microsoft Bluetooth Driver Spoofing Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. EPSS exploitation probability 29.6%.
Authentication Bypass
Microsoft
Windows 10 21h2
Windows 10 22h2
Windows 11 21H2
-
CVE-2024-21305
MEDIUM
CVSS 4.4
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.
Authentication Bypass
Windows 10 1809
Windows 10 21h2
Windows 10 22h2
Windows 11 21H2
-
CVE-2024-20699
MEDIUM
CVSS 5.5
Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Microsoft
Denial Of Service
Windows 10 1809
Windows 10 21h2
Windows 10 22h2
-
CVE-2024-20694
MEDIUM
CVSS 5.5
Windows CoreMessaging Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Microsoft
Information Disclosure
Windows 10 1607
Windows 10 1809
Windows 10 21h2
-
CVE-2024-20692
MEDIUM
CVSS 5.7
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
Microsoft
Information Disclosure
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2024-20691
MEDIUM
CVSS 4.7
Windows Themes Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Information Disclosure
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2024-20690
MEDIUM
CVSS 6.5
Windows Nearby Sharing Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft
Information Disclosure
Windows 10 1809
Windows 10 21h2
Windows 10 22h2
-
CVE-2024-20680
MEDIUM
CVSS 6.5
Windows Message Queuing Client (MSMQC) Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Microsoft
Information Disclosure
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2024-20666
MEDIUM
CVSS 6.6
BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. EPSS exploitation probability 15.7%.
Authentication Bypass
Windows 10 1507
Windows 10 1607
Windows 10 1809
Windows 10 21h2
-
CVE-2024-20664
MEDIUM
CVSS 6.5
Microsoft Message Queuing Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Microsoft
Information Disclosure
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2024-20663
MEDIUM
CVSS 6.5
Windows Message Queuing Client (MSMQC) Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Microsoft
Information Disclosure
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2024-20662
MEDIUM
CVSS 4.9
Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.
Memory Corruption
Information Disclosure
Microsoft
Windows Server 2008
Windows Server 2012
-
CVE-2024-20660
MEDIUM
CVSS 6.5
Microsoft Message Queuing Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Information Disclosure
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2024-20655
MEDIUM
CVSS 6.6
Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
RCE
Use After Free
Microsoft
Windows Server 2008
-
CVE-2024-0348
MEDIUM
CVSS 4.3
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
Denial Of Service
Engineers Online Portal
-
CVE-2024-0345
MEDIUM
CVSS 4.3
A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
PHP
Vehicle Booking System
-
CVE-2024-0344
MEDIUM
CVSS 5.5
A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
PHP
SQLi
Timemail
-
CVE-2024-0343
MEDIUM
CVSS 4.3
A vulnerability classified as problematic was found in CodeAstro Simple House Rental System 5.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Simple House Rental System
-
CVE-2024-0342
MEDIUM
CVSS 6.3
A vulnerability classified as critical has been found in Inis up to 2.0.1. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
PHP
SQLi
Inis
-
CVE-2024-0340
MEDIUM
CVSS 4.4
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Linux
Information Disclosure
Linux Kernel
-
CVE-2024-0226
MEDIUM
CVSS 4.8
Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Seeker
-
CVE-2024-21734
LOW
CVSS 3.7
SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable. No vendor patch available.
Open Redirect
Sap
Marketing
-
CVE-2024-0351
LOW
CVSS 3.1
A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Session Fixation
Information Disclosure
Engineers Online Portal
-
CVE-2024-0350
LOW
CVSS 3.1
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Information Disclosure
Engineers Online Portal
-
CVE-2024-0349
LOW
CVSS 3.7
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Engineers Online Portal
-
CVE-2024-0347
LOW
CVSS 3.7
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic.php. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
PHP
Brute Force
Information Disclosure
Engineers Online Portal
-
CVE-2024-0346
LOW
CVSS 3.5
A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
PHP
Vehicle Booking System
-
CVE-2024-0341
LOW
CVSS 3.5
A vulnerability was found in Inis up to 2.0.1. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.
PHP
Path Traversal
Inis
-
CVE-2024-0228
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2024-0193. No vendor patch available.
Information Disclosure