24 CVEs tracked today. 1 Critical, 2 High, 20 Medium, 0 Low.
-
CVE-2024-21638
CRITICAL
CVSS 9.1
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Microsoft
Privilege Escalation
Azure Ipam
-
CVE-2024-21643
HIGH
CVSS 7.1
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
Microsoft
RCE
Code Injection
Identitymodel Extensions
-
CVE-2024-0359
HIGH
CVSS 7.3
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Simple Online Hotel Reservation System
-
CVE-2024-20715
MEDIUM
CVSS 5.5
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity.
Buffer Overflow
Information Disclosure
Adobe
Substance 3d Stager
-
CVE-2024-20714
MEDIUM
CVSS 5.5
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity.
Buffer Overflow
Information Disclosure
Adobe
Substance 3d Stager
-
CVE-2024-20713
MEDIUM
CVSS 5.5
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity.
Buffer Overflow
Information Disclosure
Adobe
Substance 3d Stager
-
CVE-2024-20712
MEDIUM
CVSS 5.5
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity.
Buffer Overflow
Information Disclosure
Adobe
Substance 3d Stager
-
CVE-2024-20711
MEDIUM
CVSS 5.5
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity.
Buffer Overflow
Information Disclosure
Adobe
Substance 3d Stager
-
CVE-2024-20710
MEDIUM
CVSS 5.5
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability requires no authentication and has low attack complexity.
Buffer Overflow
Information Disclosure
Adobe
Substance 3d Stager
-
CVE-2024-0389
MEDIUM
CVSS 6.3
A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. Rated medium severity (CVSS 6.3), this vulnerability requires no authentication and has low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Student Attendance System
-
CVE-2024-0364
MEDIUM
CVSS 5.5
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.
PHP
SQLi
Hospital Management System
-
CVE-2024-0363
MEDIUM
CVSS 5.5
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Hospital Management System
-
CVE-2024-0362
MEDIUM
CVSS 5.5
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Hospital Management System
-
CVE-2024-0361
MEDIUM
CVSS 5.5
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Hospital Management System
-
CVE-2024-0360
MEDIUM
CVSS 5.5
A vulnerability was found in PHPGurukul Hospital Management System 1.0. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Hospital Management System
-
CVE-2024-0358
MEDIUM
CVSS 5.3
A vulnerability was found in DeShang DSO2O up to 4.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.
Authentication Bypass
PHP
Dso2O
-
CVE-2024-0357
MEDIUM
CVSS 5.5
A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Eva
-
CVE-2024-0356
MEDIUM
CVSS 4.3
A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability requires no authentication and has low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Ssm Shiro Blog
-
CVE-2024-0355
MEDIUM
CVSS 5.5
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Dairy Farm Shop Management System
-
CVE-2024-0354
MEDIUM
CVSS 5.3
A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.
PHP
Path Traversal
Download Station
-
CVE-2024-0333
MEDIUM
CVSS 5.3
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable and requires no authentication. No vendor patch available.
Google
Information Disclosure
Chrome
Fedora
-
CVE-2024-0310
MEDIUM
CVSS 6.1
A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.
XSS
Endpoint Security Web Control
-
CVE-2023-5455
MEDIUM
CVSS 6.5
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.
CSRF
Enterprise Linux For Power Little Endian Eus
Enterprise Linux For Power Big Endian
Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Enterprise Linux For Arm 64 Eus
-
CVE-2024-0395
None
Rejected reason: NON Security Issue. No vendor patch available.
Information Disclosure