Skip to main content
CVE-2024-28254 HIGH POC THREAT Act Now

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Command Injection Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
45.7%
CVE-2024-28847 HIGH POC PATCH This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28253 HIGH POC PATCH THREAT This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
12.5%
CVE-2024-2490 HIGH POC This Week

A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-2489 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-2488 HIGH POC This Week

A vulnerability was found in Tenda AC18 15.03.05.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2487 HIGH POC This Week

A vulnerability was found in Tenda AC18 15.03.05.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-2486 HIGH POC This Week

A vulnerability was found in Tenda AC18 15.03.05.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-28353 HIGH POC This Week

There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 827Dru Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-2485 HIGH POC This Week

A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-27756 HIGH POC This Week

GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Glpi
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-2480 HIGH POC This Week

A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Armhazena
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-28404 HIGH POC This Week

TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS X2000r Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-26540 HIGH POC This Week

A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Cimg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-28854 HIGH POC PATCH This Week

tls-listener is a rust lang wrapper around a connection listener to support TLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tls Listener
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-2497 HIGH POC This Week

A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical.php of the component HTTP POST Request Handler. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Raspap
NVD VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-28318 HIGH POC This Week

gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-1795 HIGH PATCH This Week

The HUSKY - Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Husky Products Filter Professional For Woocommerce
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28848 HIGH PATCH This Week

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Openmetadata
NVD GitHub
CVSS 3.1
8.8
EPSS
7.9%
CVE-2024-2450 HIGH This Week

Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-28851 HIGH PATCH This Week

The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Snowflake Hive Metastore Connector
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-28242 HIGH PATCH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-24827 HIGH PATCH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Nginx Denial Of Service Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-28252 HIGH PATCH This Week

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Corewcf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-27920 HIGH PATCH This Week

projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Command Injection Nuclei
NVD GitHub
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-25597 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.2.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ultimate Reviews
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27193 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU India PayU India payu-india allows DOM-Based XSS.8.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27192 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Configure SMTP allows Reflected XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27196 HIGH This Week

Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash - custom post order allows Reflected XSS.2.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Postmash
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27987 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP give.3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-25921 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy