Skip to main content
CVE-2024-22938 HIGH POC This Week

Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Bosscms
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22523 HIGH POC This Week

Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ifair
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-23647 HIGH PATCH This Week

Authentik is an open-source Identity Provider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass CSRF Authentik
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-21649 HIGH PATCH This Week

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Vantage6
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-1019 HIGH PATCH This Week

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Modsecurity
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-0674 HIGH This Week

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Douro Firmware Douro Ii Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21803 HIGH This Week

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-23838 HIGH PATCH This Week

TrueLayer.NET is the .Net client for TrueLayer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Truelayer Net
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-1033 HIGH This Week

A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Openbi
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-1063 HIGH This Week

Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Appwrite
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-0676 HIGH This Week

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Douro Firmware Douro Ii Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-21840 HIGH This Week

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files.0.0 through 04.9.2. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Storage Plug In
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy