Skip to main content
CVE-2024-25625 CRITICAL POC PATCH Act Now

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Admin Classic Bundle
NVD GitHub
CVSS 3.1
9.3
EPSS
0.7%
CVE-2024-1638 CRITICAL POC Act Now

The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-25635 HIGH POC This Week

alf.io is an open source ticket reservation system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Alf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-26134 HIGH POC PATCH This Week

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Cbor2 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-25634 MEDIUM POC This Month

alf.io is an open source ticket reservation system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Alf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-25626 CRITICAL Act Now

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Yocto
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-1344 CRITICAL Act Now

Encrypted database credentials in LaborOfficeFree affecting version 19.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Laborofficefree
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-24722 CRITICAL Act Now

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 12Dsynergy File Replication Server
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-25636 HIGH PATCH This Week

Misskey is an open source, decentralized social media platform with ActivityPub support. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Misskey
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25982 HIGH PATCH This Week

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-1580 HIGH This Week

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Dav1D Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-25623 HIGH PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Mastodon
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-1635 HIGH PATCH This Week

A vulnerability was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Active Iq Unified Manager Oncommand Workflow Automation Fuse Integration Camel For Spring Boot +5
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2024-25978 HIGH PATCH This Week

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Moodle Fedora
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-26318 MEDIUM PATCH This Month

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Serenity
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26328 MEDIUM This Month

An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Qemu
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2024-1346 MEDIUM This Month

Weak MySQL database root password in LaborOfficeFree affects version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Laborofficefree
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-1345 MEDIUM This Month

Weak MySQL database root password in LaborOfficeFree affects version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Laborofficefree
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-1343 MEDIUM This Month

A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Laborofficefree
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-26308 MEDIUM PATCH This Month

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.21 before 1.26. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Commons Compress
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2024-25710 MEDIUM PATCH This Month

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.3 through 1.25.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Commons Compress
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-25640 MEDIUM This Month

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS Iris
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-26129 MEDIUM PATCH This Month

PrestaShop is an open-source e-commerce platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Prestashop
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-25983 MEDIUM PATCH This Month

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-25981 MEDIUM PATCH This Month

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-25980 MEDIUM PATCH This Month

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-25979 MEDIUM PATCH This Month

The URL parameters accepted by forum search were not limited to the allowed parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-26327 MEDIUM PATCH This Month

An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-1633 LOW Monitor

During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow Arm Trusted Firmware
NVD
CVSS 3.1
2.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy