Skip to main content
CVE-2024-22409 HIGH POC PATCH This Week

DataHub is an open-source metadata platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Datahub
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-0553 HIGH POC PATCH This Week

A vulnerability was found in GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Gnutls Fedora Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-51810 HIGH POC This Week

SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Easydiscuss
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-22628 HIGH POC This Week

Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Budget And Expense Tracker System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-22627 HIGH POC This Week

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-22626 HIGH POC This Week

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-22625 HIGH POC This Week

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-0517 HIGH This Week

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
21.7%
CVE-2024-0507 HIGH This Week

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
65.8%
CVE-2024-21673 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-21672 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-20916 HIGH PATCH This Week

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Rated high severity (CVSS 8.3), this vulnerability is low attack complexity.

Authentication Bypass Denial Of Service Oracle Enterprise Manager
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-22408 HIGH This Week

Shopware is an open headless commerce platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Shopware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21670 HIGH This Week

Ursa is a cryptographic library for use with blockchains. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ursa
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-0555 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Wic1200 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-23347 HIGH This Week

Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Meta Spark Studio
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0582 HIGH PATCH This Week

A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
12.8%
CVE-2024-22428 HIGH This Week

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Emc Idrac Service Module
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20924 HIGH PATCH This Week

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Hashicorp Information Disclosure Oracle Audit Vault And Database Firewall
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-21674 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-22362 HIGH This Week

Drupal contains a vulnerability with improper handling of structural elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Drupal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy