Skip to main content
CVE-2024-27199 HIGH POC KEV THREAT Act Now

Path traversal in JetBrains TeamCity before 2023.11.4 enables remote attackers to perform a limited set of administrative actions by bypassing authentication controls on specific endpoints. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, and carries an EPSS score of 82.47% (99th percentile), placing it among the highest-probability exploitation targets currently tracked.

Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
82.5%
Threat
6.9
CVE-2024-27198 CRITICAL POC KEV THREAT Emergency

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teamcity
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2024-20017 CRITICAL POC THREAT Act Now

In wlan service, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Software Development Kit Openwrt
NVD
CVSS 3.1
9.8
EPSS
46.3%
CVE-2024-2154 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Mobile Store Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2153 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Mobile Store Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2152 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Mobile Store Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28088 HIGH POC PATCH This Week

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Langchain
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2021-47107 HIGH POC This Week

Buffer overflow in the Linux kernel NFS server (NFSD) READDIR handler allows a malicious NFS client to trigger an out-of-bounds write by sending a crafted READDIR request with an undersized count argument. The flaw stems from an integer underflow in the init_dirlist buffer size calculation introduced when entry encoders were refactored, and affects Linux kernel 5.16 release candidates (rc1-rc6). Publicly available exploit code exists, though EPSS scores exploitation probability at only 0.02%.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-1936 HIGH POC This Week

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Thunderbird Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27694 HIGH POC This Week

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-2168 HIGH POC This Week

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Tours Travels Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-1316 MEDIUM POC This Month

The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Event Tickets
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27680 MEDIUM POC This Month

Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form.". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27668 MEDIUM POC This Month

Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2048 CRITICAL PATCH Act Now

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault Openbao
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-20018 CRITICAL Act Now

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Software Development Kit
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2156 CRITICAL Act Now

A vulnerability was found in SourceCodester Best POS Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Best Pos Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2151 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Mobile Store Management System
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22463 CRITICAL Act Now

Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-27889 HIGH This Week

Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ng Firewall
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2024-20029 HIGH This Week

In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-1319 MEDIUM POC This Month

The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Event Tickets
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-20005 HIGH This Week

In da, there is a possible permission bypass due to a missing permission check. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-20027 HIGH This Week

In da, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2024-22452 HIGH This Week

Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple RCE Dell Display And Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0156 HIGH This Week

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Dell Buffer Overflow RCE Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0155 HIGH This Week

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Use After Free Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26622 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20034 HIGH This Week

In battery, there is a possible escalation of privilege due to a missing bounds check. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-20037 MEDIUM This Month

In pq, there is a possible write-what-where condition due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20032 MEDIUM This Month

In aee, there is a possible permission bypass due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20031 MEDIUM This Month

In da, there is a possible out of bounds write due to lack of valudation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20025 MEDIUM This Month

In da, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20023 MEDIUM This Month

In flashc, there is a possible out of bounds write due to lack of valudation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20022 MEDIUM This Month

In lk, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Yocto Rdkb +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20028 MEDIUM This Month

In da, there is a possible out of bounds write due to lack of valudation. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-27684 MEDIUM This Month

A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link XSS Go Rt Ac750 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-20024 MEDIUM This Month

In flashc, there is a possible out of bounds write due to lack of valudation. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-20019 MEDIUM This Month

In wlan driver, there is a possible memory leak due to improper input handling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Denial Of Service Software Package
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-21826 MEDIUM PATCH This Month

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21816 MEDIUM PATCH This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20036 MEDIUM This Month

In vdec, there is a possible permission bypass due to a permissions bypass. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20033 MEDIUM This Month

In nvram, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20030 MEDIUM This Month

In da, there is a possible information disclosure due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20020 MEDIUM This Month

In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-2155 MEDIUM This Month

A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Best Pos Management System
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-20026 MEDIUM This Month

In da, there is a possible information disclosure due to improper input validation. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2024-20038 LOW Monitor

In pq, there is a possible out of bounds read due to an incorrect bounds check. Rated low severity (CVSS 3.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
3.4
EPSS
0.1%
CVE-2024-24901 LOW Monitor

Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
2.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy