Skip to main content
CVE-2024-24767 CRITICAL POC PATCH Act Now

CasaOS-UserService provides user management functionalities to CasaOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Casaos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-24765 CRITICAL POC PATCH Act Now

CasaOS-UserService provides user management functionalities to CasaOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Casaos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-27302 CRITICAL POC PATCH Act Now

go-zero is a web and rpc framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Go Zero
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-2176 HIGH POC This Week

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-2174 HIGH POC THREAT This Week

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
12.6%
CVE-2024-2173 HIGH POC THREAT This Week

Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
13.6%
CVE-2024-24766 HIGH POC PATCH This Week

CasaOS-UserService provides user management functionalities to CasaOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Casaos Userservice
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-27304 CRITICAL PATCH Act Now

pgx is a PostgreSQL driver and toolkit for Go. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Pgproto3 Pgx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-27307 CRITICAL PATCH Act Now

JSONata is a JSON query and transformation language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution RCE Denial Of Service Jsonata
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-27308 CRITICAL PATCH Act Now

Mio is a Metal I/O library for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Denial Of Service Memory Corruption Mio +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-26580 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache InLong.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Inlong
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-2216 HIGH This Week

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins Docker Build Step
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-28160 HIGH This Week

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Icescrum
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-27287 HIGH PATCH This Week

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Esphome
NVD GitHub
CVSS 3.1
8.7
EPSS
0.7%
CVE-2024-27289 HIGH PATCH This Week

pgx is a PostgreSQL driver and toolkit for Go. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Pgx
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-20337 HIGH This Week

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Secure Client
NVD
CVSS 3.1
8.2
EPSS
29.9%
CVE-2024-27915 HIGH PATCH This Week

Sulu is a PHP content management system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass PHP Sulu
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-28157 HIGH This Week

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Gitbucket
NVD
CVSS 3.1
8.0
EPSS
1.3%
CVE-2024-2005 HIGH This Week

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Blue Planet Inventory
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-25102 HIGH This Week

This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-26625 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Debian Intel Information Disclosure +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-25817 HIGH PATCH This Week

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Eza
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-33677 HIGH This Week

Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-28110 HIGH PATCH This Week

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Go Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27917 HIGH PATCH This Week

Shopware is an open commerce platform based on Symfony Framework and Vue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis PHP Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-25111 HIGH PATCH This Week

Squid is a web proxy cache. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Fedora Bluexp
NVD GitHub
CVSS 3.1
7.5
EPSS
65.3%
CVE-2024-24761 HIGH PATCH This Week

Galette is a membership management web application for non profit organizations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Galette
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-1220 HIGH This Week

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Nport W2150A Firmware Nport W2250A Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-22889 HIGH This Week

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Plone
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27303 HIGH PATCH This Week

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Apple Information Disclosure Microsoft Electron Builder
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-20338 HIGH This Week

A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco Secure Client
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-27288 LOW POC PATCH Monitor

1Panel is an open source Linux server operation and maintenance management panel. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass 1panel
NVD GitHub
CVSS 3.1
3.1
EPSS
0.5%
CVE-2024-1224 HIGH This Week

This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-28111 MEDIUM PATCH This Month

Canarytokens helps track activity and actions on a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Canarytokens
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-28154 MEDIUM PATCH This Month

Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Mq Notifier
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-28149 MEDIUM PATCH This Month

Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Html Publisher
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-20345 MEDIUM This Month

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cisco Information Disclosure Path Traversal Appdynamics Controller
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2024-20336 MEDIUM This Month

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Wap121 Firmware +11
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-20335 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Command Injection Wap121 Firmware Wap125 Firmware +10
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-1989 MEDIUM PATCH This Month

The Social Sharing Plugin - Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Sassy Social Share
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-28152 MEDIUM PATCH This Month

In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account". Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Bitbucket Branch Source
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-25103 MEDIUM This Month

This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-20301 MEDIUM This Month

A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Microsoft Duo Authentication For Windows Logon And Rdp
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-2215 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Docker Jenkins Docker Build Step
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2211 MEDIUM This Month

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gophish
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-2236 MEDIUM This Month

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2024-28174 MEDIUM This Month

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
5.8
EPSS
0.3%
CVE-2024-20292 MEDIUM This Month

A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Microsoft Duo Authentication For Windows Logon And Rdp
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-26627 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Inside scsi_eh_wakeup(), scsi_host_busy() is called &. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26626 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipmr: fix kernel panic when forwarding mcast packets The stacktrace was: [ 86.305548] BUG: kernel NULL pointer dereference,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy