Skip to main content
CVE-2024-25320 CRITICAL POC Act Now

Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24377 CRITICAL POC Act Now

An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Idocview
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-25414 CRITICAL POC Act Now

An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Csz Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-25415 HIGH POC THREAT This Week

A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Ce Phoenix Cart
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
27.2%
CVE-2024-25413 HIGH POC This Week

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Improved Import Export
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-22854 MEDIUM POC This Month

DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Redirect Threat Visualizer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22426 CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell File Upload Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-22425 CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0031 CRITICAL PATCH Act Now

In attp_build_read_by_type_value_cmd of att_protocol.cc , there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25627 MEDIUM POC This Month

Alf.io is a free and open source event attendance management system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alf
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-21915 HIGH This Week

A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Rockwell Factorytalk Services Platform
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-21775 HIGH This Week

Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to the Authenticated SQL injection in report exporting feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Microsoft Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
8.8
EPSS
5.0%
CVE-2024-25083 HIGH This Week

An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Privilege Management For Windows
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0023 HIGH PATCH This Week

In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-0021 HIGH PATCH This Week

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0018 HIGH PATCH This Week

In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0015 HIGH PATCH This Week

In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-25466 HIGH PATCH This Week

Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Google Document Picker
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-0038 HIGH PATCH This Week

In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0036 HIGH PATCH This Week

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0035 HIGH PATCH This Week

In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Privilege Escalation Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0034 HIGH PATCH This Week

In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0033 HIGH PATCH This Week

In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0029 HIGH PATCH This Week

In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0014 HIGH This Week

In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-25628 HIGH This Week

Alf.io is a free and open source event attendance management system. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Alf
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-0040 HIGH PATCH This Week

In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Information Disclosure Memory Corruption Android
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-0041 HIGH PATCH This Week

In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. Rated high severity (CVSS 7.0).

Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-21984 MEDIUM PATCH This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required.

XSS Storagegrid
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2024-21983 MEDIUM PATCH This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Storagegrid
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-24750 MEDIUM PATCH This Month

Undici is an HTTP/1.1 client, written from scratch for Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Undici
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-0032 MEDIUM PATCH This Month

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0020 MEDIUM PATCH This Month

In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0017 MEDIUM PATCH This Month

In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0030 MEDIUM PATCH This Month

In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-21987 MEDIUM This Month

SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Snapcenter
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-0016 MEDIUM PATCH This Month

In multiple locations, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-0019 MEDIUM PATCH This Month

In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Denial Of Service Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2024-24758 MEDIUM PATCH This Month

Undici is an HTTP/1.1 client, written from scratch for Node.js. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure Undici
NVD GitHub
CVSS 3.1
4.5
EPSS
0.8%
CVE-2024-1591 LOW Monitor

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Privilege Management For Windows
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-0037 LOW PATCH Monitor

In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-23591 LOW Monitor

ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Thinksystem Sr670 V2 Firmware
NVD
CVSS 3.1
2.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy