Skip to main content
CVE-2024-0204 CRITICAL POC THREAT Emergency

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Goanywhere Managed File Transfer
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
95.1%
CVE-2024-0784 CRITICAL POC Act Now

A vulnerability was found in hongmaple octopus 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Octopus
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0783 CRITICAL POC Act Now

A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Admission System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-0778 CRITICAL POC THREAT Act Now

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Isc 2500 S Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
32.1%
CVE-2024-23752 CRITICAL POC Act Now

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Python Pandasai
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-23751 CRITICAL POC PATCH Act Now

LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Llamaindex
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-22895 HIGH POC This Week

DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23750 HIGH POC PATCH This Week

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Metagpt
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24135 HIGH POC This Week

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Eagle 1200Ac Firmware
NVD VulDB
CVSS 3.1
7.8
EPSS
1.3%
CVE-2024-0782 MEDIUM POC This Month

A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Railway Reservation System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0781 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Internet Banking System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-21484 MEDIUM POC PATCH This Month

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Jsrsasign
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
1.0%
CVE-2024-0430 MEDIUM POC This Month

IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Malware Fighter
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0774 MEDIUM POC This Month

A vulnerability was found in Any-Capture Any Sound Recorder 2.93. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Any Sound Recorder
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0772 MEDIUM POC This Month

A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sharealarmpro
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-0776 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pb Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-0773 MEDIUM POC This Month

A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-23340 MEDIUM POC PATCH This Month

@hono/node-server is an adapter that allows users to run Hono applications on Node.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Path Traversal Node Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-23678 HIGH This Week

In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Splunk Deserialization Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-23768 HIGH This Week

Dremio before 24.3.1 allows path traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dremio
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-0605 HIGH This Week

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Race Condition RCE Firefox Focus
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-22233 HIGH PATCH This Week

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-0775 HIGH PATCH This Week

A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-23339 MEDIUM PATCH This Month

hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Information Disclosure Hoolock
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-23675 MEDIUM This Month

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Cloud
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-0606 MEDIUM This Month

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Firefox Focus
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-22113 MEDIUM This Month

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cgi An Anlyzer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23677 MEDIUM This Month

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-23676 LOW Monitor

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
CVSS 3.1
3.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy