Skip to main content
CVE-2024-21492 HIGH POC This Week

All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Google Caddy Security
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-25468 HIGH POC This Week

An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Denial Of Service X5000r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-25298 HIGH POC This Week

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-20953 HIGH KEV THREAT This Week

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Oracle Agile Product Lifecycle Management
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2024-20927 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-22727 HIGH This Week

Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trb140 Firmware Trb141 Firmware Trb142 Firmware Trb143 Firmware +1
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-20931 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
59.7%
CVE-2024-20917 HIGH This Week

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Denial Of Service Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-20909 HIGH This Week

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Oracle Audit Vault And Database Firewall
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-20956 HIGH This Week

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Agile Product Lifecycle Management For Process
NVD
CVSS 3.1
7.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy