Skip to main content
CVE-2024-28383 CRITICAL POC Act Now

Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28388 CRITICAL POC Act Now

SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Product Comments
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-26503 CRITICAL POC Act Now

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Openeclass
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2024-25228 HIGH POC THREAT This Week

Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Vinchin Backup And Recovery
NVD
CVSS 3.1
8.8
EPSS
25.9%
CVE-2024-27301 HIGH POC PATCH This Week

Support App is an opensource application specialized in managing Apple devices. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Apple RCE Support App
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-1713 HIGH POC This Week

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Plv8
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-28849 MEDIUM POC PATCH This Month

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Follow Redirects
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-28323 MEDIUM POC This Month

The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-28418 MEDIUM POC This Month

Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Webedition Cms
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-28417 MEDIUM POC This Month

Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Webedition Cms
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-25139 CRITICAL Act Now

In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE TP-Link Omada Er605 Firmware
NVD GitHub
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-28423 CRITICAL Act Now

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Airflow Diagrams
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28391 CRITICAL PATCH Act Now

SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation SQLi B2B Quick Order Form
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28390 CRITICAL Act Now

An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ultimateimagetool
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1222 CRITICAL Act Now

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Papercut Mf Papercut Ng
NVD
CVSS 3.1
9.8
EPSS
64.0%
CVE-2024-26475 MEDIUM POC This Month

An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-28424 HIGH This Week

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE File Upload Zenml
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25652 HIGH This Week

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Secret Server
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2024-22397 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.3
EPSS
1.1%
CVE-2024-27266 HIGH PATCH This Week

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Maximo Application Suite
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-28181 HIGH PATCH This Week

turbo_boost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Turboboost Commands
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-28746 HIGH PATCH This Week

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-22346 HIGH PATCH This Week

Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1623 HIGH This Week

Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure F St 3686 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0860 HIGH This Week

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edgeaggregator Edgeconnector
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28425 HIGH This Week

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE File Upload Greykite
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-28251 HIGH PATCH This Week

Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Querybook
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-1882 HIGH This Week

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-1654 HIGH This Week

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-25649 MEDIUM This Month

In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Secret Server
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-27986 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Elementor Addons by Livemesh allows Stored XSS.3.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-28746 MEDIUM This Month

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-27265 MEDIUM PATCH This Month

IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Integration Bus
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-23823 MEDIUM PATCH This Month

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Vantage6
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-25156 MEDIUM This Month

A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Goanywhere Managed File Transfer
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1884 MEDIUM This Month

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.5
EPSS
37.9%
CVE-2024-2256 MEDIUM PATCH This Month

The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Oik
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2249 MEDIUM PATCH This Month

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress La Studio Element Kit For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1883 MEDIUM This Month

This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.1
EPSS
61.5%
CVE-2024-25650 MEDIUM This Month

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Distributed Engine Secret Server
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-1853 MEDIUM This Month

Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0313 MEDIUM This Month

A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0312 MEDIUM This Month

A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0311 MEDIUM This Month

A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-24770 MEDIUM PATCH This Month

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Vantage6
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-24562 MEDIUM PATCH This Month

vantage6-UI is the official user interface for the vantage6 server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Docker Information Disclosure Nginx Vantage6 Ui
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-22396 MEDIUM This Month

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow RCE Buffer Overflow Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-25651 MEDIUM This Month

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secret Server
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22398 MEDIUM This Month

An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sonicwall
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-1223 MEDIUM This Month

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Papercut Mf Papercut Ng
NVD
CVSS 3.1
4.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy