Skip to main content
CVE-2024-2073 HIGH POC This Week

A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Block Inserter For Dynamic Content
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-27689 HIGH POC This Week

Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Stupid Simple Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-27497 HIGH POC THREAT This Week

Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Linksys E2000 Firmware
NVD
CVSS 3.1
8.8
EPSS
26.5%
CVE-2024-0692 HIGH POC THREAT This Week

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Security Event Manager
NVD
CVSS 3.1
8.8
EPSS
91.6%
CVE-2024-27295 HIGH POC PATCH This Week

Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-27572 HIGH POC This Week

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27571 HIGH POC This Week

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27570 HIGH POC This Week

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1859 HIGH PATCH This Week

The Slider Responsive Slideshow - Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Information Disclosure WordPress Slider Responsive Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22457 HIGH PATCH This Week

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dell Secure Connect Gateway
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-25386 HIGH This Week

Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-22182 HIGH This Week

A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-25972 HIGH This Week

Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-1174 HIGH This Week

Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow HP
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-24903 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Authentication Bypass Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-1453 HIGH This Week

In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25552 HIGH This Week

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Com Port Redirector Legacy Com Port Redirector Plug Play Opc Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-25578 HIGH This Week

MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Dicom Viewer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22100 HIGH This Week

MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Dicom Viewer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-1941 HIGH This Week

Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Cncsoft B
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-24907 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-24905 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-24904 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-24906 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-1869 HIGH This Week

Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Information Disclosure Cq893C Firmware Cq891C Firmware
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-2076 HIGH This Week

A vulnerability was found in CodeAstro House Rental Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP House Rental Management System
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-27139 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Archiva
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-27138 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Archiva
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-24900 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Authentication Bypass Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-2062 HIGH This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-2061 HIGH This Week

A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-2060 HIGH This Week

A vulnerability classified as critical has been found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-2059 HIGH This Week

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-2058 HIGH This Week

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy