Skip to main content
CVE-2024-23809 CRITICAL POC Act Now

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-23606 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-23313 CRITICAL POC Act Now

An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-23310 CRITICAL POC Act Now

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-23305 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-22097 CRITICAL POC Act Now

A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-21812 CRITICAL POC Act Now

An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-21795 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-22824 CRITICAL POC Act Now

An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload Timo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-1554 CRITICAL POC Act Now

The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-24794 CRITICAL POC Act Now

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Libdicom
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-24793 CRITICAL POC Act Now

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Libdicom
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-1651 CRITICAL POC THREAT Act Now

Torrentpier version 2.4.1 allows executing arbitrary commands on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Torrentpier
NVD GitHub
CVSS 3.1
9.8
EPSS
34.0%
CVE-2024-25198 CRITICAL POC PATCH Act Now

Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Nav2 Robot Operating System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-26135 HIGH POC PATCH This Week

MeshCentral is a full computer management web site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Meshcentral
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-24474 HIGH POC PATCH This Week

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Qemu
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-1644 HIGH POC This Week

Suite CRM version 7.14.2 allows including local php files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23830 HIGH POC PATCH This Week

MantisBT is an open source issue tracker. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 3.1
8.3
EPSS
1.0%
CVE-2024-25199 HIGH POC PATCH This Week

Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Nav2 Robot Operating System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-1156 HIGH POC This Week

Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Data Record Ad Flexlogger G Web Development Software Labview Nxg +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-1155 HIGH POC This Week

Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Data Record Ad Flexlogger G Web Development Software Labview Nxg +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-1297 HIGH POC This Week

OS command injection in Loomio 2.22.0 allows authenticated high-privilege users to execute arbitrary operating system commands on the underlying server. Publicly available exploit code exists, though there is no public exploit identified as actively used in the wild and the issue is not listed in CISA KEV. EPSS sits at 1.51% (81st percentile), indicating moderate but non-trivial exploitation likelihood.

Command Injection Loomio
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-1648 HIGH POC This Week

electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Electron Pdf
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1647 HIGH POC This Week

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pyhtml2Pdf
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25428 MEDIUM POC This Month

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mrcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-25197 MEDIUM POC This Month

Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nav2 Robot Operating System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-25366 MEDIUM POC This Month

Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Denial Of Service Libiec61850
NVD GitHub
CVSS 3.1
6.2
EPSS
0.9%
CVE-2024-24763 MEDIUM POC This Month

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect Jumpserver
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-1551 MEDIUM POC This Month

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-25608 MEDIUM POC PATCH This Month

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-0794 CRITICAL Act Now

Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Information Disclosure RCE
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-25274 CRITICAL Act Now

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-23114 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Camel
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-21896 CRITICAL Act Now

The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-0715 CRITICAL Act Now

Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.8.7-03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Global Link Manager
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-22245 CRITICAL Act Now

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2024-1661 MEDIUM POC This Month

A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass X6000r Firmware
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-25974 MEDIUM POC This Month

The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openolat
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-25973 MEDIUM POC This Month

The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openolat
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25141 CRITICAL PATCH Act Now

When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Airflow Providers Mongo
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-21891 HIGH This Week

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-25606 HIGH PATCH This Week

XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-21678 HIGH This Week

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-1555 HIGH This Week

When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox
NVD
CVSS 3.1
8.3
EPSS
0.5%
CVE-2024-1557 HIGH This Week

Memory safety bugs present in Firefox 122. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-25260 MEDIUM POC This Month

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Elfutils
NVD GitHub
CVSS 3.1
4.0
EPSS
0.3%
CVE-2024-22250 HIGH This Week

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Session Fixation VMware Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22369 HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Camel
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-26581 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2024-23758 HIGH This Week

An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stealth
NVD
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy