Skip to main content
CVE-2024-21802 HIGH POC This Week

Remote code execution in llama.cpp (commit 18c2e17) is possible when a user opens a malicious .gguf model file, triggering a heap-based buffer overflow in the GGUF library's info->ne handling. Publicly available exploit code exists, though EPSS estimates exploitation probability at 0.48% (65th percentile), reflecting moderate but not widespread targeting risk against this AI inference runtime.

RCE Buffer Overflow Heap Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-21825 HIGH POC This Week

Remote code execution in llama.cpp (commit 18c2e17) is possible when a victim loads a malicious .gguf model file, triggering a heap-based buffer overflow in the GGUF library's GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing routines. Publicly available exploit code exists, though EPSS rates near-term mass exploitation probability as low (0.19%, 41st percentile) and the issue is not listed in CISA KEV.

RCE Integer Overflow Buffer Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-23605 HIGH POC This Week

Remote code execution in llama.cpp (GGUF library) allows attackers to achieve arbitrary code execution by tricking a user into loading a maliciously crafted .gguf model file, exploiting a heap-based buffer overflow in the header.n_kv parsing logic at commit 18c2e17. Publicly available exploit code exists, though EPSS rates real-world exploitation probability low at 0.15% (35th percentile), reflecting the user-interaction requirement. The flaw was reported by Cisco Talos and impacts confidentiality, integrity, and availability of any system loading untrusted GGUF models.

RCE Integer Overflow Buffer Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-23496 HIGH POC This Week

Remote code execution in llama.cpp (commit 18c2e17) occurs when the GGUF library's gguf_fread_str function parses a maliciously crafted .gguf model file, triggering a heap-based buffer overflow rooted in integer overflow handling (CWE-190). Any user or service loading an untrusted GGUF model into a vulnerable llama.cpp build can be compromised, with publicly available exploit code increasing accessibility despite a low EPSS score of 0.15%.

RCE Integer Overflow Buffer Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-21836 HIGH POC This Week

Heap-based buffer overflow in llama.cpp's GGUF library header parser (commit 18c2e17) enables code execution when a victim loads a maliciously crafted .gguf model file. The CWE-190 integer overflow in the n_tensors field corrupts heap allocations, leading to attacker-controlled memory writes. Publicly available exploit code exists, though EPSS remains low at 0.15% (35th percentile), and there is no public exploit identified as actively used per CISA KEV.

RCE Integer Overflow Buffer Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-27081 HIGH POC PATCH This Week

ESPHome is a system to control your ESP8266/ESP32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Esphome
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-1875 HIGH POC This Week

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical.php of the component Lodge Complaint Section. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Complaint Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-0439 HIGH POC PATCH This Week

As a manager, you should not be able to modify a series of settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Anythingllm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-22873 HIGH POC This Week

Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Blueking Configuration Management Database
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-0243 HIGH POC PATCH This Week

With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(x,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSRF Python Langchain
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-27093 HIGH POC PATCH This Week

Minder is a Software Supply Chain Security Platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Minder
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-26455 HIGH POC This Week

fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Fluent Bit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25768 HIGH POC This Week

OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Opendmarc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27454 HIGH POC PATCH This Week

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Orjson
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-23837 HIGH POC PATCH This Week

LibHTP is a security-aware parser for the HTTP protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libhtp Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-0455 HIGH POC PATCH This Week

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL ```. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Anythingllm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-1710 HIGH This Week

The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Addon Library
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-1889 HIGH This Week

Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Clcon 10 Firmware Clcon S 10 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-1886 HIGH This Week

This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Webos Signage
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-1878 HIGH This Week

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Employee Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-1877 HIGH This Week

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Employee Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-23839 HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Suricata Memory Corruption Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-27359 HIGH This Week

Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-23836 HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Suricata Denial Of Service Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-23835 HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Suricata Denial Of Service Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-22371 HIGH PATCH This Week

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Camel
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-22201 HIGH PATCH This Week

Jetty is a Java based web server and servlet engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Jetty Debian Linux Active Iq Unified Manager +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-1622 HIGH This Week

Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routinator Fedora
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-24714 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.1.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Icons Font Loader
NVD
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy