Skip to main content
CVE-2024-25228 HIGH POC THREAT This Week

Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Vinchin Backup And Recovery
NVD
CVSS 3.1
8.8
EPSS
25.9%
CVE-2024-27301 HIGH POC PATCH This Week

Support App is an opensource application specialized in managing Apple devices. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Apple RCE Support App
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-1713 HIGH POC This Week

A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Plv8
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-28424 HIGH This Week

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE File Upload Zenml
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25652 HIGH This Week

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Secret Server
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2024-22397 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.3
EPSS
1.1%
CVE-2024-27266 HIGH PATCH This Week

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Maximo Application Suite
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-28181 HIGH PATCH This Week

turbo_boost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Turboboost Commands
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-28746 HIGH PATCH This Week

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-22346 HIGH PATCH This Week

Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1623 HIGH This Week

Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure F St 3686 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0860 HIGH This Week

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edgeaggregator Edgeconnector
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28425 HIGH This Week

greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE File Upload Greykite
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-28251 HIGH PATCH This Week

Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Querybook
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-1882 HIGH This Week

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-1654 HIGH This Week

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.2
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy