Skip to main content
CVE-2024-28255 CRITICAL POC THREAT Emergency

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Openmetadata
NVD GitHub
CVSS 3.1
9.8
EPSS
73.3%
CVE-2024-28254 HIGH POC THREAT Act Now

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Command Injection Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
45.7%
CVE-2024-28354 CRITICAL POC Act Now

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD
CVSS 3.1
10.0
EPSS
2.2%
CVE-2024-2478 CRITICAL POC Act Now

A vulnerability was found in BradWenqiang HR 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hr
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25227 CRITICAL POC Act Now

SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Denial Of Service Abo Cms
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28752 CRITICAL POC PATCH Act Now

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Cxf Oncommand Workflow Automation Ontap Tools
NVD
CVSS 3.1
9.3
EPSS
5.8%
CVE-2024-28859 CRITICAL POC PATCH Act Now

Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Symfony1
NVD GitHub
CVSS 3.1
9.0
EPSS
1.5%
CVE-2024-28847 HIGH POC PATCH This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28253 HIGH POC PATCH THREAT This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
12.5%
CVE-2024-2490 HIGH POC This Week

A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-2489 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-2488 HIGH POC This Week

A vulnerability was found in Tenda AC18 15.03.05.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2487 HIGH POC This Week

A vulnerability was found in Tenda AC18 15.03.05.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-2486 HIGH POC This Week

A vulnerability was found in Tenda AC18 15.03.05.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-28353 HIGH POC This Week

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-2485 HIGH POC This Week

A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-27756 HIGH POC This Week

GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Glpi
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-2480 HIGH POC This Week

A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Armhazena
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-28404 HIGH POC This Week

TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS X2000r Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-26540 HIGH POC This Week

A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Cimg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-28854 HIGH POC PATCH This Week

tls-listener is a rust lang wrapper around a connection listener to support TLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tls Listener
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-2497 HIGH POC This Week

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical.php of the component HTTP POST Request Handler. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Raspap
NVD VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-28318 HIGH POC This Week

gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-2481 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Hostel Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-28319 MEDIUM POC This Month

gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-2514 CRITICAL Act Now

A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2537 CRITICAL Act Now

Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Logi Tune
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-1917 CRITICAL Act Now

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-1916 CRITICAL Act Now

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-1915 CRITICAL Act Now

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-0803 CRITICAL Act Now

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-0802 CRITICAL Act Now

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-2204 MEDIUM POC This Month

Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service (DoS) vulnerability by triggering the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Antilogger
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-2180 MEDIUM POC This Month

Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antilogger
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-28401 MEDIUM POC This Month

TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS X2000r Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-28403 MEDIUM POC This Month

TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS X2000r Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1795 HIGH PATCH This Week

The HUSKY - Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Husky Products Filter Professional For Woocommerce
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28848 HIGH PATCH This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
7.9%
CVE-2024-2450 HIGH This Week

Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2483 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0.php of the component Password Change Handler. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-28851 HIGH PATCH This Week

The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Snowflake Hive Metastore Connector
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-2482 LOW POC Monitor

A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Information Disclosure Hostel Management System
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.8%
CVE-2024-28242 HIGH PATCH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-24827 HIGH PATCH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Nginx Denial Of Service Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-28252 HIGH PATCH This Week

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Corewcf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-27920 HIGH PATCH This Week

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Command Injection Nuclei
NVD GitHub
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-25597 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.2.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ultimate Reviews
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27193 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU India PayU India payu-india allows DOM-Based XSS.8.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27192 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Configure SMTP allows Reflected XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27196 HIGH This Week

Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash - custom post order allows Reflected XSS.2.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Postmash
NVD
CVSS 3.1
7.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy