Skip to main content
CVE-2023-46360 HIGH POC This Week

Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cph2 Echarge Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
2.8%
CVE-2024-24593 HIGH POC This Week

A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Clearml
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-24591 HIGH POC PATCH This Week

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Clearml
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-24590 HIGH POC PATCH This Week

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Clearml
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2024-22520 HIGH POC This Week

An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Drone Scanner
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-22519 HIGH POC This Week

An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opendroneid Osm
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-22773 HIGH POC This Week

Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Action Rf 1200 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-1254 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Byzoro Smart S20 Management Platform up to 20231120. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Smart S20 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
4.6%
CVE-2024-1253 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Smart S40 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-22515 HIGH This Week

Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Agent Dvr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-22514 HIGH This Week

An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Agent Dvr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-22388 HIGH This Week

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Iclass Se Cp1000 Encoder Firmware Iclass Se Readers Firmware Iclass Se Reader Modules Firmware Iclass Se Processors Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22239 HIGH This Week

Aria Operations for Networks contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aria Operations For Networks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22237 HIGH This Week

Aria Operations for Networks contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aria Operations For Networks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20819 HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20818 HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20817 HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20813 HIGH This Week

Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20812 HIGH This Week

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-24680 HIGH PATCH This Week

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2024-1255 HIGH This Week

A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sepidzdigitalmenu
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-23673 HIGH PATCH This Week

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.11.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Path Traversal Apache Sling Servlets Resolver
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-23304 HIGH This Week

Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Kunai
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-20820 HIGH This Week

Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy