Skip to main content
CVE-2023-36177 CRITICAL POC THREAT Emergency

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 28.9%.

Code Injection RCE Snapcast
NVD VulDB
CVSS 3.1
9.8
EPSS
28.9%
Threat
4.3
CVE-2024-23222 HIGH POC KEV THREAT Act Now

Arbitrary code execution in Apple WebKit affects Safari and the system browser engine across iOS, iPadOS, macOS, tvOS, and visionOS, where a type confusion flaw allows attackers to execute code via maliciously crafted web content. The vulnerability is confirmed actively exploited (CISA KEV) and was used in the Coruna exploit chain against older iOS devices before being backported to legacy versions. EPSS sits at 0.62% (70th percentile), consistent with targeted exploitation rather than mass scanning.

Apple RCE Memory Corruption
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-22205 CRITICAL POC PATCH Act Now

Whoogle Search is a self-hosted metasearch engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Whoogle Search
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-22203 CRITICAL POC PATCH Act Now

Whoogle Search is a self-hosted metasearch engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Whoogle Search
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-22663 CRITICAL POC Act Now

TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-22662 CRITICAL POC Act Now

TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-22660 CRITICAL POC Act Now

TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-23342 HIGH POC This Week

The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Ecdsa
NVD GitHub
CVSS 3.1
7.4
EPSS
1.0%
CVE-2024-22497 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Jfinalcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22417 MEDIUM POC PATCH This Month

Whoogle Search is a self-hosted metasearch engine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Whoogle Search
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-22496 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Jfinalcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22490 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Beetl Bbs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23636 CRITICAL PATCH Act Now

SOFARPC is a Java RPC framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Java Sofarpc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-22076 CRITICAL Act Now

MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Print Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-23330 MEDIUM POC This Month

Tuta is an encrypted email service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Tutanota
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22204 MEDIUM POC PATCH This Month

Whoogle Search is a self-hosted metasearch engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Whoogle Search
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-23209 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23213 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23214 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-0755 HIGH This Week

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Buffer Overflow Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-0751 HIGH This Week

A malicious devtools extension could have been used to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-0750 HIGH This Week

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-0745 HIGH This Week

The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-23348 HIGH This Week

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE A Blog Cms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-23180 HIGH This Week

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload A Blog Cms
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23208 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
7.8
EPSS
3.0%
CVE-2024-23182 HIGH This Week

Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal A Blog Cms
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-23212 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-22705 HIGH PATCH This Week

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23204 HIGH This Week

The issue was addressed with additional permissions checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-23203 HIGH This Week

The issue was addressed with additional permissions checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-0744 HIGH This Week

In some circumstances, JIT compiled code could have dereferenced a wild pointer value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-0743 HIGH This Week

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-23842 HIGH This Week

Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lguvr 16H Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22772 HIGH This Week

Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lguvr 8H Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22771 HIGH This Week

Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lguvr 4H Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22770 HIGH This Week

Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hvr 16781 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22769 HIGH This Week

Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hvr 8781 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22768 HIGH This Week

Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hvr 4781 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-0587 MEDIUM PATCH This Month

The AMP for WP - Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Accelerated Mobile Pages
NVD VulDB
CVSS 3.1
6.1
EPSS
2.8%
CVE-2024-23206 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0754 MEDIUM This Month

Some WASM source files could have caused a crash when loaded in devtools. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-0753 MEDIUM This Month

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-0752 MEDIUM This Month

A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Mozilla Apple +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-0747 MEDIUM This Month

When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-0746 MEDIUM This Month

A Linux user opening the print preview dialog could have caused the browser to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +3
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-0741 MEDIUM This Month

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Firefox Esr +2
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2024-23219 MEDIUM This Month

The issue was addressed with improved authentication. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os
NVD VulDB
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-23223 MEDIUM This Month

A privacy issue was addressed with improved handling of files. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-23341 MEDIUM PATCH This Month

TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuitse Tsusin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy