Skip to main content
CVE-2024-23128 HIGH This Week

A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-23127 HIGH This Week

A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-23126 HIGH This Week

A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Stack Overflow RCE Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23125 HIGH This Week

A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Stack Overflow RCE Autocad Electrical +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23124 HIGH This Week

A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-23123 HIGH This Week

A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-23122 HIGH This Week

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Electrical Autocad Mechanical +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-23121 HIGH This Week

A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Electrical Autocad Mechanical +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-23120 HIGH This Week

A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-0446 HIGH This Week

A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-0410 HIGH This Week

An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-1748 HIGH This Week

A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Autoprognosis
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1104 HIGH This Week

An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webserv2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27283 HIGH This Week

A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ediscovery Platform
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-26282 HIGH This Week

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Canonical Mozilla Firefox
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-25423 HIGH This Week

An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cinema 4D
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-52447 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-26586 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-25130 MEDIUM PATCH This Month

Tuleap is an open source suite to improve management of software developments and collaboration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-26351 MEDIUM This Month

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-25801 MEDIUM This Month

SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS S Museum
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-26578 MEDIUM PATCH This Month

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.2.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Apache Answer
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-0903 MEDIUM PATCH This Month

The User Feedback - Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Userfeedback
NVD VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-25129 MEDIUM This Month

The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Codeql Cli
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-26591 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpf_tracing_prog_attach The following case can cause a crash due to missing attach_btf: 1) load. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26590 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26587 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: don't try to destroy PHC on VFs PHC gets initialized in nsim_init_netdevsim(), which is only called if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26128 MEDIUM PATCH This Month

baserCMS is a website development framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-23349 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Answer
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2024-24817 MEDIUM PATCH This Month

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Calendar
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1525 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22547 MEDIUM This Month

WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ibr 7150 Firmware
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-26281 MEDIUM This Month

Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-1053 MEDIUM PATCH This Month

The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Event Tickets
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-0861 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy