Skip to main content
CVE-2024-23724 CRITICAL POC PATCH Act Now

Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation XSS Ghost
NVD GitHub
CVSS 3.1
9.0
EPSS
3.5%
CVE-2024-25419 HIGH POC This Week

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-25418 HIGH POC This Week

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-25417 HIGH POC This Week

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-21875 MEDIUM POC This Month

Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.1.0. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hacker Hotel Badge 2024
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1431 MEDIUM POC This Month

A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R7000 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-25722 CRITICAL PATCH Act Now

qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Qanything
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25718 CRITICAL PATCH Act Now

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Samly
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25714 CRITICAL PATCH Act Now

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Rhonabwy Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1430 MEDIUM POC This Month

A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R7000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-25728 HIGH This Week

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Expressvpn
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25715 MEDIUM PATCH This Month

Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Glewlwyd Sso Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1151 MEDIUM PATCH This Month

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Linux Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-1432 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic.py. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Deepfacelab
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.6%
CVE-2024-1433 LOW PATCH Monitor

A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Plasma Workspace
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy