Skip to main content
CVE-2024-24824 HIGH POC PATCH THREAT This Week

Graylog is a free and open log management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Information Disclosure Graylog
NVD GitHub
CVSS 3.1
8.8
EPSS
34.5%
CVE-2024-25201 HIGH POC This Week

Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Espruino
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25200 HIGH POC This Week

Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Espruino
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1118 HIGH PATCH This Week

The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Podlove Subscribe Button
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-20254 HIGH This Week

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Expressway
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-20252 HIGH This Week

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Expressway
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-22022 HIGH This Week

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Recovery Orchestrator
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22012 HIGH This Week

there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-24810 HIGH PATCH This Week

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Wix Toolset
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23448 HIGH PATCH This Week

An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Apm Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-24311 HIGH PATCH This Week

Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Multilingual And Multistore Sitemap Pro
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-24304 HIGH PATCH This Week

In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mailjet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20255 HIGH This Week

A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Expressway
NVD
CVSS 3.1
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy