Skip to main content
CVE-2024-25635 HIGH POC This Week

alf.io is an open source ticket reservation system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Alf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-26134 HIGH POC PATCH This Week

cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Cbor2 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-25636 HIGH PATCH This Week

Misskey is an open source, decentralized social media platform with ActivityPub support. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Misskey
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25982 HIGH PATCH This Week

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-1580 HIGH This Week

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Dav1D Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-25623 HIGH PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Mastodon
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-1635 HIGH PATCH This Week

A vulnerability was found in Undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Active Iq Unified Manager Oncommand Workflow Automation Fuse Integration Camel For Spring Boot +5
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2024-25978 HIGH PATCH This Week

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Moodle Fedora
NVD
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy