Skip to main content
CVE-2024-25247 CRITICAL POC Act Now

SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP B2B2C Multi Business
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25248 CRITICAL POC Act Now

SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi B2B2C Multi Business
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-27456 CRITICAL POC PATCH Act Now

rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rack Cors Middleware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-21802 HIGH POC This Week

Remote code execution in llama.cpp (commit 18c2e17) is possible when a user opens a malicious .gguf model file, triggering a heap-based buffer overflow in the GGUF library's info->ne handling. Publicly available exploit code exists, though EPSS estimates exploitation probability at 0.48% (65th percentile), reflecting moderate but not widespread targeting risk against this AI inference runtime.

RCE Buffer Overflow Heap Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-21825 HIGH POC This Week

Remote code execution in llama.cpp (commit 18c2e17) is possible when a victim loads a malicious .gguf model file, triggering a heap-based buffer overflow in the GGUF library's GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing routines. Publicly available exploit code exists, though EPSS rates near-term mass exploitation probability as low (0.19%, 41st percentile) and the issue is not listed in CISA KEV.

RCE Integer Overflow Buffer Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-23605 HIGH POC This Week

Remote code execution in llama.cpp (GGUF library) allows attackers to achieve arbitrary code execution by tricking a user into loading a maliciously crafted .gguf model file, exploiting a heap-based buffer overflow in the header.n_kv parsing logic at commit 18c2e17. Publicly available exploit code exists, though EPSS rates real-world exploitation probability low at 0.15% (35th percentile), reflecting the user-interaction requirement. The flaw was reported by Cisco Talos and impacts confidentiality, integrity, and availability of any system loading untrusted GGUF models.

RCE Integer Overflow Buffer Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-23496 HIGH POC This Week

Remote code execution in llama.cpp (commit 18c2e17) occurs when the GGUF library's gguf_fread_str function parses a maliciously crafted .gguf model file, triggering a heap-based buffer overflow rooted in integer overflow handling (CWE-190). Any user or service loading an untrusted GGUF model into a vulnerable llama.cpp build can be compromised, with publicly available exploit code increasing accessibility despite a low EPSS score of 0.15%.

RCE Integer Overflow Buffer Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-21836 HIGH POC This Week

Heap-based buffer overflow in llama.cpp's GGUF library header parser (commit 18c2e17) enables code execution when a victim loads a maliciously crafted .gguf model file. The CWE-190 integer overflow in the n_tensors field corrupts heap allocations, leading to attacker-controlled memory writes. Publicly available exploit code exists, though EPSS remains low at 0.15% (35th percentile), and there is no public exploit identified as actively used per CISA KEV.

RCE Integer Overflow Buffer Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-27081 HIGH POC PATCH This Week

ESPHome is a system to control your ESP8266/ESP32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Esphome
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-1875 HIGH POC This Week

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical.php of the component Lodge Complaint Section. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Complaint Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-0439 HIGH POC PATCH This Week

As a manager, you should not be able to modify a series of settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Anythingllm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-22873 HIGH POC This Week

Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Blueking Configuration Management Database
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-0243 HIGH POC PATCH This Week

With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(x,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSRF Python Langchain
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-27093 HIGH POC PATCH This Week

Minder is a Software Supply Chain Security Platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Minder
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-26455 HIGH POC This Week

fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Fluent Bit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25768 HIGH POC This Week

OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Opendmarc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27454 HIGH POC PATCH This Week

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Orjson
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-23837 HIGH POC PATCH This Week

LibHTP is a security-aware parser for the HTTP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libhtp Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-0455 HIGH POC PATCH This Week

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL ```. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Anythingllm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-25767 MEDIUM POC This Month

nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Nanomq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-25410 MEDIUM POC PATCH This Month

flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Flusity
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-0798 MEDIUM POC PATCH This Month

A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Anythingllm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-0440 MEDIUM POC PATCH This Month

Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Anythingllm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-25913 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Moveto
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-25925 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.5.12. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Easy Checkout Field Editor
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-25344 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP XSS Itflow
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-25909 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.7.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Media Folder
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-27350 MEDIUM POC This Month

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Fire Os
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-25751 CRITICAL Act Now

A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow RCE Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-24402 CRITICAL Act Now

An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2024-24401 CRITICAL Act Now

SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP RCE Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
45.9%
CVE-2024-27447 CRITICAL PATCH Act Now

pretix before 2024.1.1 mishandles file validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pretix
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-27444 CRITICAL PATCH Act Now

langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Langchain Experimental
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1885 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Webos Signage
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-1876 CRITICAL Act Now

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Employee Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-27088 MEDIUM POC PATCH This Month

es5-ext contains ECMAScript 5 extensions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Es5 Ext
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-25763 MEDIUM POC This Month

openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Opennds
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-26149 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-24564 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-1899 MEDIUM POC This Month

An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Showdown
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-27455 CRITICAL Act Now

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-1735 CRITICAL PATCH Act Now

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Armeria
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-1710 HIGH This Week

The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Addon Library
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-1889 HIGH This Week

Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Clcon 10 Firmware Clcon S 10 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-1886 HIGH This Week

This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webos Signage
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-1878 HIGH This Week

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Employee Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-1877 HIGH This Week

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Employee Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-25770 MEDIUM POC This Month

libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libming
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-23839 HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Suricata Memory Corruption Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-27359 HIGH This Week

Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy