Skip to main content
CVE-2024-2176 HIGH POC This Week

Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-2174 HIGH POC THREAT This Week

Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
12.6%
CVE-2024-2173 HIGH POC THREAT This Week

Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
13.6%
CVE-2024-24766 HIGH POC PATCH This Week

CasaOS-UserService provides user management functionalities to CasaOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Casaos Userservice
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-2216 HIGH This Week

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker Jenkins Docker Build Step
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-28160 HIGH This Week

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Icescrum
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-27287 HIGH PATCH This Week

ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Esphome
NVD GitHub
CVSS 3.1
8.7
EPSS
0.7%
CVE-2024-27289 HIGH PATCH This Week

pgx is a PostgreSQL driver and toolkit for Go. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Pgx
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-20337 HIGH This Week

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Secure Client
NVD
CVSS 3.1
8.2
EPSS
29.9%
CVE-2024-27915 HIGH PATCH This Week

Sulu is a PHP content management system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass PHP Sulu
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-28157 HIGH This Week

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Gitbucket
NVD
CVSS 3.1
8.0
EPSS
1.3%
CVE-2024-2005 HIGH This Week

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Blue Planet Inventory
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-25102 HIGH This Week

This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-26625 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Debian Intel Information Disclosure +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-25817 HIGH PATCH This Week

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Eza
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-33677 HIGH This Week

Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-28110 HIGH PATCH This Week

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Go Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27917 HIGH PATCH This Week

Shopware is an open commerce platform based on Symfony Framework and Vue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis PHP Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-25111 HIGH PATCH This Week

Squid is a web proxy cache. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Fedora Bluexp
NVD GitHub
CVSS 3.1
7.5
EPSS
65.3%
CVE-2024-24761 HIGH PATCH This Week

Galette is a membership management web application for non profit organizations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Galette
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-1220 HIGH This Week

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Nport W2150A Firmware Nport W2250A Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-22889 HIGH This Week

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Plone
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27303 HIGH PATCH This Week

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Apple Information Disclosure Microsoft Electron Builder
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-20338 HIGH This Week

A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco Secure Client
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-1224 HIGH This Week

This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy