Skip to main content
CVE-2024-23809 CRITICAL POC Act Now

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-23606 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-23313 CRITICAL POC Act Now

An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-23310 CRITICAL POC Act Now

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-23305 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-22097 CRITICAL POC Act Now

A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-21812 CRITICAL POC Act Now

An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-21795 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-22824 CRITICAL POC Act Now

An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload Timo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-1554 CRITICAL POC Act Now

The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-24794 CRITICAL POC Act Now

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Libdicom
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-24793 CRITICAL POC Act Now

A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Libdicom
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-1651 CRITICAL POC THREAT Act Now

Torrentpier version 2.4.1 allows executing arbitrary commands on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Torrentpier
NVD GitHub
CVSS 3.1
9.8
EPSS
34.0%
CVE-2024-25198 CRITICAL POC PATCH Act Now

Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Nav2 Robot Operating System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-0794 CRITICAL Act Now

Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Information Disclosure RCE
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-25274 CRITICAL Act Now

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-23114 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Camel
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-21896 CRITICAL Act Now

The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-0715 CRITICAL Act Now

Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.8.7-03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Global Link Manager
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-22245 CRITICAL Act Now

Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2024-25141 CRITICAL PATCH Act Now

When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Airflow Providers Mongo
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy