Skip to main content
CVE-2024-22895 HIGH POC This Week

DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23750 HIGH POC PATCH This Week

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Metagpt
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24135 HIGH POC This Week

Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Eagle 1200Ac Firmware
NVD VulDB
CVSS 3.1
7.8
EPSS
1.3%
CVE-2024-23678 HIGH This Week

In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Splunk Deserialization Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-23768 HIGH This Week

Dremio before 24.3.1 allows path traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dremio
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-0605 HIGH This Week

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Race Condition RCE Firefox Focus
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-22233 HIGH PATCH This Week

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-0775 HIGH PATCH This Week

A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy