Skip to main content
CVE-2024-1708 HIGH POC KEV THREAT Act Now

Path traversal in ConnectWise ScreenConnect 23.9.7 and earlier enables attackers with administrative privileges to write files outside intended directories, leading to remote code execution or direct compromise of confidential data and critical systems. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, and the EPSS score of 53.66% (98th percentile) reflects extremely high real-world exploitation activity. It was disclosed alongside the more severe CVE-2024-1709 authentication bypass, which together formed a widely abused exploit chain against ScreenConnect on-premises servers in early 2024.

Path Traversal
NVD VulDB
CVSS 3.1
8.4
EPSS
53.7%
Threat
6.3
CVE-2024-1675 HIGH POC THREAT This Week

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
10.4%
CVE-2024-1673 HIGH POC This Week

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-1669 HIGH POC This Week

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-25892 HIGH POC This Week

ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-1704 HIGH POC This Week

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Crmeb
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-23346 HIGH POC PATCH This Week

Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Python Command Injection Pymatgen
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
3.8%
CVE-2024-25891 HIGH POC This Week

ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-22778 HIGH POC This Week

HackMD CodiMD <2.5.2 is vulnerable to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Codimd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1674 HIGH This Week

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-1705 HIGH This Week

A vulnerability was found in Shopwind up to 4.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection PHP RCE Shopwind
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-26582 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26147 HIGH PATCH This Week

Helm is a package manager for Charts for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kubernetes Helm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-25461 HIGH This Week

Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Crm Creatio
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-24479 HIGH PATCH This Week

A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Wireshark Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-24476 HIGH PATCH This Week

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Fedora Wireshark
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-22473 HIGH This Week

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Gecko Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-26130 HIGH PATCH This Week

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Python Denial Of Service Cryptography
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-24478 HIGH PATCH This Week

An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-23654 HIGH PATCH This Week

discourse-ai is the AI plugin for the open-source discussion platform Discourse. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Ai
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-24843 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor.10.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Powerpack Addons For Elementor Elementor
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-20325 HIGH This Week

A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Unified Intelligence Center
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-1714 HIGH This Week

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Identityiq
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy