Skip to main content
CVE-2024-27657 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Stack Overflow RCE Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-27656 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Stack Overflow RCE Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-27655 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Stack Overflow RCE Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-25832 HIGH POC THREAT This Week

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Datacube3
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
12.8%
CVE-2024-22939 HIGH POC This Week

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-1939 HIGH POC This Week

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-1938 HIGH POC This Week

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-25713 HIGH POC This Week

yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Yyjson Fedora
NVD GitHub
CVSS 3.1
8.6
EPSS
1.8%
CVE-2024-26470 HIGH POC This Week

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Net 9 Starter Kit
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-26461 HIGH POC This Week

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Kerberos 5 Active Iq Unified Manager Cloud Volumes Ontap Mediator Management Services For Element Software And Netapp Hci +5
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-26141 HIGH POC PATCH This Week

Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rack Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2024-25126 HIGH POC PATCH THREAT This Week

Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rack Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
35.4%
CVE-2024-1928 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Web Based Student Clearance System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-1468 HIGH This Week

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Avada
NVD VulDB
CVSS 3.1
8.8
EPSS
3.6%
CVE-2024-1206 HIGH PATCH This Week

The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Recipe Maker Bootstrap
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-1317 HIGH PATCH This Week

The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Rss Aggregator By Feedzy
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-1619 HIGH This Week

Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Security
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23519 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.9.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Email Before Download
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-20321 HIGH This Week

A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-20267 HIGH This Week

A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2024-25262 HIGH This Week

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-25006 HIGH This Week

XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Xenforo
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-27294 HIGH PATCH This Week

dp-golang is a Puppet module for Go installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Apple Information Disclosure Dp Golang
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1595 HIGH This Week

Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cncsoft B Dopsoft
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20765 HIGH This Week

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-26131 HIGH PATCH This Week

Element Android is an Android Matrix Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Google Element
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-1470 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Microsoft Client Login Extension
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1217 HIGH PATCH This Week

The Contact Form builder with drag & drop for WordPress - Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Contact Form Builder
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-2009 HIGH This Week

A vulnerability was found in Nway Pro 9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Nway Pro
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-27284 HIGH PATCH This Week

cassandra-rs is a Cassandra (CQL) driver for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Cassandra Rs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23302 HIGH This Week

Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-26146 HIGH PATCH This Week

Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rack Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-0702 HIGH This Week

The Oliver POS - A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Authentication Bypass Oliver Pos
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-25093 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gd Rating System
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-21752 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.11.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Ajax Search
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-1437 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in José Fernandez Adsmonetizer allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adsmonetizer
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-50905 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.6.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0068 HIGH This Week

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.7.1. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Workforce Access
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy