Skip to main content
CVE-2024-25450 HIGH POC This Week

imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imlib2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25448 HIGH POC This Week

An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Imlib2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25447 HIGH POC This Week

An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Imlib2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25318 HIGH POC This Week

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25310 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25313 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-25312 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25309 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25308 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25306 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25305 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-25304 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-24820 HIGH POC This Week

Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Icinga
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-25446 HIGH POC This Week

An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Hugin
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-25445 HIGH POC This Week

Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hugin
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25443 HIGH POC This Week

An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Hugin
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25442 HIGH POC This Week

An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Hugin
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23749 HIGH POC This Week

KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Kitty
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
4.7%
CVE-2024-25004 HIGH POC This Week

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Kitty
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2024-25003 HIGH POC This Week

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Kitty
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2023-6724 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse.0, for Android. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Google Hearing Tracking System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-25677 HIGH This Week

In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Min
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-24819 HIGH PATCH This Week

icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Icingaweb2 Module Incubator
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-24828 HIGH This Week

pkg is tool design to bundle Node.js projects into an executables. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Node.js Pkg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23639 HIGH PATCH This Week

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Micronaut
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0842 HIGH PATCH This Week

The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service WordPress PHP Backuply
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23327 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-23325 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23324 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-23322 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1404 HIGH This Week

A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linksys Information Disclosure Wrt54Gl Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-24825 HIGH PATCH This Week

DIRAC is a distributed resource framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Dirac
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy