Skip to main content
CVE-2024-26135 HIGH POC PATCH This Week

MeshCentral is a full computer management web site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Meshcentral
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-24474 HIGH POC PATCH This Week

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Qemu
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-1644 HIGH POC This Week

Suite CRM version 7.14.2 allows including local php files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23830 HIGH POC PATCH This Week

MantisBT is an open source issue tracker. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 3.1
8.3
EPSS
1.0%
CVE-2024-25199 HIGH POC PATCH This Week

Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Nav2 Robot Operating System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-1156 HIGH POC This Week

Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Data Record Ad Flexlogger G Web Development Software Labview Nxg +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-1155 HIGH POC This Week

Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Data Record Ad Flexlogger G Web Development Software Labview Nxg +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-1297 HIGH POC This Week

OS command injection in Loomio 2.22.0 allows authenticated high-privilege users to execute arbitrary operating system commands on the underlying server. Publicly available exploit code exists, though there is no public exploit identified as actively used in the wild and the issue is not listed in CISA KEV. EPSS sits at 1.51% (81st percentile), indicating moderate but non-trivial exploitation likelihood.

Command Injection Loomio
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-1648 HIGH POC This Week

electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Electron Pdf
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1647 HIGH POC This Week

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pyhtml2Pdf
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-21891 HIGH This Week

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-25606 HIGH PATCH This Week

XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-21678 HIGH This Week

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-1555 HIGH This Week

When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox
NVD
CVSS 3.1
8.3
EPSS
0.5%
CVE-2024-1557 HIGH This Week

Memory safety bugs present in Firefox 122. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-22250 HIGH This Week

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Session Fixation VMware Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22369 HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Camel
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-26581 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2024-23758 HIGH This Week

An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stealth
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-26136 HIGH PATCH This Week

kedi ElectronCord is a bot management tool for Discord. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Authentication Bypass Information Disclosure Electroncord
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22054 HIGH This Week

A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ubiquiti
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-1552 HIGH This Week

Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1546 HIGH This Week

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Thunderbird +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25607 HIGH PATCH This Week

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-1608 HIGH This Week

In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Usercenter Credit Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22019 HIGH This Week

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Denial Of Service Node Js Astra Control Center
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2024-22234 HIGH PATCH This Week

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Java Spring Security
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2024-21682 HIGH This Week

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Assets Discovery Data Center
NVD
CVSS 3.1
7.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy