Skip to main content
CVE-2024-24301 HIGH POC This Week

Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Eap 767 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-25165 HIGH POC This Week

A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-25618 HIGH POC PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Microsoft Mastodon
NVD GitHub
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-25301 HIGH POC This Week

Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-25213 HIGH POC This Week

Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-25212 HIGH POC This Week

Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-0008 HIGH This Week

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-0568 HIGH This Week

CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rmnf22Tb30 Firmware Renf22R2Mmw Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-23789 HIGH This Week

Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Jh Rvb1 Firmware Jh Rv11 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-23783 HIGH This Week

Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jh Rvb1 Firmware Jh Rv11 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-22093 HIGH This Week

When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
8.7
EPSS
0.8%
CVE-2024-1485 HIGH PATCH This Week

A flaw was found in the decompression function of registry-support. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Registry Support Openshift Openshift Developer Tools And Services
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-23788 HIGH This Week

Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Jh Rvb1 Firmware Jh Rv11 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-24697 HIGH This Week

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Vdi Windows Meeting Clients +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25617 HIGH PATCH This Week

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Bluexp
NVD GitHub
CVSS 3.1
7.5
EPSS
88.9%
CVE-2024-24990 HIGH This Week

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Nginx Memory Corruption Nginx Open Source +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-24989 HIGH This Week

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Nginx Denial Of Service Nginx Open Source Nginx Plus
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-24775 HIGH This Week

When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager +9
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23982 HIGH This Week

When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Big Ip Policy Enforcement Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23979 HIGH This Week

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23805 HIGH This Week

Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23314 HIGH This Week

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23308 HIGH This Week

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21849 HIGH This Week

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21789 HIGH This Week

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21771 HIGH This Week

For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21763 HIGH This Week

When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-1367 HIGH This Week

A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Security Center
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2024-22389 HIGH This Week

When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-23306 HIGH This Week

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Next Cloud Native Network Functions
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy