Skip to main content
CVE-2024-23222 HIGH POC KEV THREAT Act Now

Arbitrary code execution in Apple WebKit affects Safari and the system browser engine across iOS, iPadOS, macOS, tvOS, and visionOS, where a type confusion flaw allows attackers to execute code via maliciously crafted web content. The vulnerability is confirmed actively exploited (CISA KEV) and was used in the Coruna exploit chain against older iOS devices before being backported to legacy versions. EPSS sits at 0.62% (70th percentile), consistent with targeted exploitation rather than mass scanning.

Apple RCE Memory Corruption
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-23342 HIGH POC This Week

The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Ecdsa
NVD GitHub
CVSS 3.1
7.4
EPSS
1.0%
CVE-2024-23209 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23213 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +4
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23214 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-0755 HIGH This Week

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Buffer Overflow Mozilla Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-0751 HIGH This Week

A malicious devtools extension could have been used to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-0750 HIGH This Week

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-0745 HIGH This Week

The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-23348 HIGH This Week

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE A Blog Cms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-23180 HIGH This Week

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload A Blog Cms
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23208 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
7.8
EPSS
3.0%
CVE-2024-23182 HIGH This Week

Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal A Blog Cms
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-23212 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-22705 HIGH PATCH This Week

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23204 HIGH This Week

The issue was addressed with additional permissions checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-23203 HIGH This Week

The issue was addressed with additional permissions checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-0744 HIGH This Week

In some circumstances, JIT compiled code could have dereferenced a wild pointer value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-0743 HIGH This Week

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-23842 HIGH This Week

Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lguvr 16H Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22772 HIGH This Week

Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lguvr 8H Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22771 HIGH This Week

Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lguvr 4H Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22770 HIGH This Week

Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hvr 16781 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22769 HIGH This Week

Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hvr 8781 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22768 HIGH This Week

Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hvr 4781 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy