61 CVEs tracked today. 3 Critical, 11 High, 42 Medium, 4 Low.
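The feed above is plain text with a fixed shape, which makes it easy to pull into a triage script. The parser and scorer below are an added editor example, not part of the feed or of any vendor tooling. They assume the layout shown on this page (entries separated by a line holding only "-", then CVE id, severity word or "None" for rejected ids, an optional "CVSS x.y" line, one description line that may embed "Public exploit code available", "No vendor patch available" and "EPSS exploitation probability N%", then one tag per line); the scoring weights are an assumption chosen so that exploit availability and patch status outrank small CVSS differences. The sample feed inside the block is constructed from five entries copied from this page.

```python
"""Editor-added triage helper for the plain-text CVE feed on this page.

Not part of the feed or any vendor tool. Assumes the layout shown above:
entries separated by a line holding only "-", then the CVE id, the severity
word (or "None" for rejected ids), an optional "CVSS x.y" line, one
description line that may embed the phrases "Public exploit code available",
"No vendor patch available" and "EPSS exploitation probability N%", and then
one tag per line. The scoring weights are an assumption, not a standard.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
EPSS_RE = re.compile(r"EPSS exploitation probability ([0-9.]+)%")
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "NONE": 0}


@dataclass
class Entry:
    cve: str
    severity: str
    cvss: Optional[float]
    description: str
    tags: List[str] = field(default_factory=list)

    @property
    def rejected(self) -> bool:
        return self.description.startswith("Rejected reason:")

    @property
    def public_exploit(self) -> bool:
        return "Public exploit code available" in self.description

    @property
    def no_patch(self) -> bool:
        return "No vendor patch available" in self.description

    @property
    def epss(self) -> Optional[float]:
        m = EPSS_RE.search(self.description)
        return float(m.group(1)) / 100.0 if m else None

    def score(self) -> float:
        """Assumed weighting: CVSS base, +2 for a public exploit, +1 while
        unpatched, +5*EPSS (so a 25% EPSS adds 1.25)."""
        return ((self.cvss or 0.0) + 2.0 * self.public_exploit
                + 1.0 * self.no_patch + 5.0 * (self.epss or 0.0))


def parse_feed(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for chunk in text.split("\n-\n"):
        lines = [ln.strip() for ln in chunk.strip().splitlines() if ln.strip()]
        # The summary header ("61 CVEs tracked today...") is not an entry.
        if len(lines) < 3 or not CVE_RE.match(lines[0]):
            continue
        cve, severity = lines[0], lines[1].upper()
        i, cvss = 2, None
        if lines[i].startswith("CVSS "):
            cvss = float(lines[i].split()[1])
            i += 1
        if i >= len(lines):
            continue  # malformed entry: no description line
        entries.append(Entry(cve, severity, cvss, lines[i], lines[i + 1:]))
    return entries


def triage(entries: List[Entry], top: int = 10) -> List[Entry]:
    """Rejected ids drop out; the rest are ordered by score, then severity."""
    live = [e for e in entries if not e.rejected]
    return sorted(live, key=lambda e: (e.score(), SEVERITY_RANK.get(e.severity, 0)),
                  reverse=True)[:top]


# Constructed sample: five entries copied from the feed on this page.
SAMPLE_FEED = """61 CVEs tracked today. 3 Critical, 11 High, 42 Medium, 4 Low.
-
CVE-2024-21887
CRITICAL
CVSS 9.1
Ivanti Connect Secure and Policy Secure contain an authenticated command injection in web components allowing administrators to execute arbitrary commands, chained with CVE-2023-46805 for unauthenticated RCE.
-
CVE-2024-21591
CRITICAL
CVSS 9.8
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%.
Buffer Overflow
Juniper
RCE
-
CVE-2024-21616
HIGH
CVSS 7.5
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Juniper
-
CVE-2024-23301
MEDIUM
CVSS 5.5
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
Privilege Escalation
Relax And Recover
-
CVE-2024-0393
None
Rejected reason: This CVE ID was unused by the CNA. No vendor patch available.
Information Disclosure
"""

if __name__ == "__main__":
    for e in triage(parse_feed(SAMPLE_FEED)):
        flags = [f for f, on in (("exploit", e.public_exploit), ("unpatched", e.no_patch)) if on]
        print(f"{e.score():5.2f}  {e.cve}  {e.severity:<8} {','.join(flags)}")
```

Feed the real page text to `parse_feed` and the top of `triage` is where patching effort goes first; the weights in `score` are the thing to tune to your own environment, not the parser.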
-
CVE-2024-21887
CRITICAL
CVSS 9.1
Ivanti Connect Secure and Policy Secure contain an authenticated command injection in the web component that lets an administrator execute arbitrary commands; chained with the authentication bypass CVE-2023-46805 it gives unauthenticated RCE.
-
CVE-2024-21591
CRITICAL
CVSS 9.8
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS) or Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code is available and the EPSS exploitation probability is 25.0%.
Buffer Overflow
Denial Of Service
Juniper
Memory Corruption
RCE
-
CVE-2023-46805
HIGH
CVSS 8.2
Ivanti Connect Secure and Policy Secure contain an authentication bypass in the web component allowing unauthenticated access to restricted resources, chained with CVE-2024-21887 for unauthenticated RCE in massive exploitation campaigns starting January 2024.
-
CVE-2024-22206
CRITICAL
CVSS 9.0
Clerk helps developers build user management. The flaw is an authentication bypass that can lead to privilege escalation. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.
Authentication Bypass
Privilege Escalation
Javascript
-
CVE-2024-21616
HIGH
CVSS 7.5
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
-
CVE-2024-21614
HIGH
CVSS 7.5
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
Junos Os Evolved
-
CVE-2024-21612
HIGH
CVSS 7.5
An Improper Handling of Syntactically Invalid Structure vulnerability in the Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos Os Evolved
-
CVE-2024-21611
HIGH
CVSS 7.5
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
Junos Os Evolved
-
CVE-2024-21606
HIGH
CVSS 7.5
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
-
CVE-2024-21604
HIGH
CVSS 7.5
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos Os Evolved
-
CVE-2024-21602
HIGH
CVSS 7.5
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
Juniper
Junos Os Evolved
-
CVE-2024-21595
HIGH
CVSS 7.5
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
-
CVE-2024-21589
HIGH
CVSS 7.4
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated, network-based attacker to access reports without authenticating … Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Juniper
Paragon Active Assurance Control Center
-
CVE-2024-0474
HIGH
CVSS 7.3
A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
SQLi
Dormitory Management System
-
CVE-2024-23301
MEDIUM
CVSS 5.5
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. Public exploit code available.
Privilege Escalation
Relax And Recover
Linux Enterprise
Enterprise Linux
Fedora
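The ReaR entry above is a permissions bug: a rescue initrd that any local user can read, although a rescue image carries material only root should see (the page tags it as privilege escalation). The audit below is an added editor example, not ReaR's own code. It assumes you point it at the directory holding the image (ReaR's GRUB rescue entry puts it under /boot on most setups, but check your configuration) and that image names match the glob patterns given; the demo directory it builds is constructed on the fly and is not a real /boot.

```python
"""Editor-added audit for the ReaR condition above: a rescue initrd left
world-readable. Not ReaR's code. Point it at the directory that holds the
image; the name patterns and the demo directory are assumptions for the demo.
"""
import stat
import tempfile
from pathlib import Path
from typing import List

INITRD_GLOBS = ("initrd*", "initramfs*", "*.cgz")   # assumed name patterns


def is_world_readable(path: Path) -> bool:
    """True when the 'other' read bit is set, regardless of owner and group."""
    return bool(path.stat().st_mode & stat.S_IROTH)


def find_world_readable_initrds(directory: Path) -> List[Path]:
    hits = set()
    for pattern in INITRD_GLOBS:
        for p in directory.rglob(pattern):
            if p.is_file() and is_world_readable(p):
                hits.add(p)
    return sorted(hits)


def harden(path: Path) -> int:
    """Drop every 'other' permission bit; returns the new mode (e.g. 0o640)."""
    new_mode = stat.S_IMODE(path.stat().st_mode) & ~stat.S_IRWXO
    path.chmod(new_mode)
    return new_mode


def make_demo_dir() -> Path:
    """Constructed sample: a throwaway directory imitating /boot with one bad image."""
    d = Path(tempfile.mkdtemp(prefix="rear-audit-"))
    bad = d / "initrd.img-6.1.0"          # world-readable: the CVE-2024-23301 condition
    bad.write_bytes(b"constructed")
    bad.chmod(0o644)
    good = d / "initramfs-rescue.img"     # correctly restricted to root
    good.write_bytes(b"constructed")
    good.chmod(0o600)
    kernel = d / "vmlinuz-6.1.0"          # world-readable but not an initrd: ignored
    kernel.write_bytes(b"constructed")
    kernel.chmod(0o644)
    return d


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else make_demo_dir()
    for p in find_world_readable_initrds(target):
        print(f"world-readable: {p} -> fixed to {oct(harden(p))}")
```

`harden` only clears the "other" bits, which is the condition the CVE names; whether group read should also go depends on who is in the group that owns /boot on your system.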
-
CVE-2024-23179
MEDIUM
CVSS 6.1
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
XSS
Mediawiki
-
CVE-2024-23178
MEDIUM
CVSS 5.4
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Mediawiki
-
CVE-2024-23177
MEDIUM
CVSS 6.1
An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
XSS
Mediawiki
-
CVE-2024-23174
MEDIUM
CVSS 5.4
An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
XSS
Mediawiki
-
CVE-2024-23173
MEDIUM
CVSS 6.1
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
XSS
PHP
Mediawiki
-
CVE-2024-23172
MEDIUM
CVSS 5.4
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
XSS
Mediawiki
-
CVE-2024-23171
MEDIUM
CVSS 5.4
An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
XSS
Mediawiki
-
CVE-2024-22494
MEDIUM
CVSS 5.4
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Jfinalcms
-
CVE-2024-22493
MEDIUM
CVSS 5.4
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Jfinalcms
-
CVE-2024-22492
MEDIUM
CVSS 5.4
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Jfinalcms
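The three JFinalcms entries above are one bug in three fields: guestbook input (contact, mobile, content) stored and later written into a page without encoding. The block below is an added editor illustration in Python, not JFinalcms code (that project is Java). The field names come from the CVE text; the list-item template, the tel: link and the phone-number allowlist are assumptions for the demo. It shows the vulnerable rendering next to a hardened one and a small HTML-parser check that tells them apart on a constructed payload.

```python
"""Editor-added illustration of the stored-XSS pattern behind the JFinalcms
guestbook entries (CVE-2024-22492/22493/22494). Not JFinalcms code; the
template, tel: link and phone allowlist are assumptions for the demo.
"""
import html
import re
from html.parser import HTMLParser
from typing import Dict, List

MOBILE_RE = re.compile(r"\+?[0-9][0-9 \-]{4,19}")   # assumed allowlist for a phone field


def render_unsafe(entry: Dict[str, str]) -> str:
    """The vulnerable shape: stored strings dropped straight into markup."""
    return (f'<li><a href="tel:{entry["mobile"]}">{entry["contact"]}</a>: '
            f'{entry["content"]}</li>')


def render_safe(entry: Dict[str, str]) -> str:
    """Hardened: allowlist the field that feeds a URL, HTML-encode the rest
    (quote=True also covers values placed inside attributes)."""
    mobile = entry["mobile"] if MOBILE_RE.fullmatch(entry["mobile"]) else ""
    href = f' href="tel:{html.escape(mobile, quote=True)}"' if mobile else ""
    contact = html.escape(entry["contact"], quote=True)
    content = html.escape(entry["content"], quote=True)
    return f"<li><a{href}>{contact}</a>: {content}</li>"


class _ActiveContentDetector(HTMLParser):
    """Flags script elements, on* handlers and javascript: URLs that survive rendering."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}@{name}")
            elif value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}@{name}=javascript:")


def active_content(rendered: str) -> List[str]:
    """Parse the rendered fragment the way a browser would and list live hooks."""
    d = _ActiveContentDetector()
    d.feed(rendered)
    d.close()
    return d.findings


# Constructed sample submissions: one benign, one carrying a payload per field.
BENIGN = {"contact": "Ann O'Neil", "mobile": "+44 20 7946 0000", "content": "Great place & cheap"}
PAYLOAD = {"contact": "<script>alert(1)</script>",
           "mobile": '" onmouseover="alert(2)',
           "content": "<img src=x onerror=alert(3)>"}

if __name__ == "__main__":
    print("unsafe:", active_content(render_unsafe(PAYLOAD)))
    print("safe:  ", active_content(render_safe(PAYLOAD)))
```

The detector parses rather than greps: an escaped `&lt;img onerror=...&gt;` in the hardened output is text, not an element, so a regex on "onerror=" would give a false positive where the parser correctly reports nothing.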
-
CVE-2024-22027
MEDIUM
CVSS 6.5
Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
Denial Of Service
Quiz Maker
-
CVE-2024-21982
MEDIUM
CVSS 4.8
ONTAP versions 9.4 and higher are susceptible to a vulnerability which, when successfully exploited, could lead to disclosure of sensitive information to unprivileged attackers when the object-store … Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.
Information Disclosure
Clustered Data Ontap
-
CVE-2024-21655
MEDIUM
CVSS 4.3
Discourse is a platform for community discussion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Discourse
-
CVE-2024-21654
MEDIUM
CVSS 4.8
Rubygems.org is the Ruby community's gem hosting service. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Authentication Bypass
Rubygems Org
-
CVE-2024-21639
MEDIUM
CVSS 5.3
CEF (Chromium Embedded Framework) is a simple framework for embedding Chromium-based browsers in other applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.
Buffer Overflow
Google
Information Disclosure
Chromium Embedded Framework
Chrome
-
CVE-2024-21617
MEDIUM
CVSS 6.5
An Incomplete Cleanup vulnerability in the Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a memory leak leading to Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability requires adjacent network access but no authentication, and has low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
-
CVE-2024-21613
MEDIUM
CVSS 6.5
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability requires adjacent network access but no authentication, and has low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
Junos Os Evolved
-
CVE-2024-21607
MEDIUM
CVSS 5.3
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity … Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Juniper
Junos
-
CVE-2024-21603
MEDIUM
CVSS 6.5
An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS on MX Series allows a network-based attacker with low privileges to cause a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
-
CVE-2024-21601
MEDIUM
CVSS 5.9
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Denial Of Service
Race Condition
Juniper
Junos
-
CVE-2024-21600
MEDIUM
CVSS 6.5
An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability requires adjacent network access but no authentication, and has low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
-
CVE-2024-21599
MEDIUM
CVSS 6.5
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability requires adjacent network access but no authentication, and has low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
-
CVE-2024-21597
MEDIUM
CVSS 5.3
An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the … Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Juniper
Junos
-
CVE-2024-21596
MEDIUM
CVSS 5.3
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Heap Overflow
Denial Of Service
Juniper
Junos
-
CVE-2024-21594
MEDIUM
CVSS 5.5
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability requires local access and has low attack complexity. No vendor patch available.
Buffer Overflow
Heap Overflow
Denial Of Service
Juniper
Junos
-
CVE-2024-21587
MEDIUM
CVSS 6.5
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly … Rated medium severity (CVSS 6.5), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Denial Of Service
Juniper
Junos
-
CVE-2024-21585
MEDIUM
CVSS 5.9
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker, using … Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Denial Of Service
Juniper
Junos
Junos Os Evolved
-
CVE-2024-0473
MEDIUM
CVSS 6.3
A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
SQLi
Dormitory Management System
-
CVE-2024-0471
MEDIUM
CVSS 6.3
A vulnerability was found in code-projects Human Resource Integrated System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
SQLi
Human Resource Integrated System
-
CVE-2024-0470
MEDIUM
CVSS 6.3
A vulnerability was found in code-projects Human Resource Integrated System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
SQLi
Human Resource Integrated System
-
CVE-2024-0469
MEDIUM
CVSS 6.3
A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
SQLi
Human Resource Integrated System
-
CVE-2024-0468
MEDIUM
CVSS 6.3
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
File Upload
PHP
Fighting Cock Information System
-
CVE-2024-0466
MEDIUM
CVSS 5.5
A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.
PHP
SQLi
Employee Profile Management System
-
CVE-2024-0464
MEDIUM
CVSS 6.3
A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
SQLi
Online Faculty Clearance
-
CVE-2024-0463
MEDIUM
CVSS 6.3
A vulnerability was found in code-projects Online Faculty Clearance 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
SQLi
Online Faculty Clearance System
-
CVE-2024-0462
MEDIUM
CVSS 6.3
A vulnerability was found in code-projects Online Faculty Clearance 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
SQLi
Online Faculty Clearance System
-
CVE-2024-0461
MEDIUM
CVSS 6.3
A vulnerability was found in code-projects Online Faculty Clearance 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
SQLi
Online Faculty Clearance System
-
CVE-2024-0460
MEDIUM
CVSS 6.3
A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
SQLi
Faculty Management System
-
CVE-2024-0459
MEDIUM
CVSS 4.7
A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Blood Bank Donor Management System
-
CVE-2024-0454
MEDIUM
CVSS 6.0
The ELAN Match-on-Chip FPR solution has a design fault that risks leakage and enumeration of valid SIDs via a spoofed sensor. Rated medium severity (CVSS 6.0), this vulnerability has low attack complexity. No vendor patch available.
Authentication Bypass
Dell
Microsoft
Elan Match On Chip Fpr Solution Firmware
Windows
-
CVE-2024-0443
MEDIUM
CVSS 5.5
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leak. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
Enterprise Linux
Fedora
-
CVE-2024-0472
LOW
CVSS 3.5
A vulnerability was found in code-projects Dormitory Management System 1.0. Rated low severity (CVSS 3.5), this vulnerability has low attack complexity. No vendor patch available.
PHP
Information Disclosure
Dormitory Management System
-
CVE-2024-0467
LOW
CVSS 3.5
A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
PHP
Employee Profile Management System
-
CVE-2024-0465
LOW
CVSS 3.5
A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. Rated low severity (CVSS 3.5), this vulnerability has low attack complexity. No vendor patch available.
PHP
Path Traversal
Employee Profile Management System
-
CVE-2024-0393
None
Rejected reason: This CVE ID was unused by the CNA. No severity, score, patch status or tags apply.
-
CVE-2024-0230
LOW
CVSS 2.4
A session management issue was addressed with improved checks. Rated low severity (CVSS 2.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure