Skip to main content
CVE-2024-1800 HIGH POC THREAT Act Now

In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Telerik Report Server
NVD GitHub
CVSS 3.1
8.8
EPSS
40.4%
CVE-2024-2711 HIGH POC This Week

A vulnerability was found in Tenda AC10U 15.03.06.48. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2710 HIGH POC This Week

A vulnerability was found in Tenda AC10U 15.03.06.49. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2709 HIGH POC This Week

A vulnerability was found in Tenda AC10U 15.03.06.49. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2708 HIGH POC This Week

A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2707 HIGH POC This Week

A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
4.6%
CVE-2024-2706 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2705 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda AC10U 1.0/15.03.06.49. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2704 HIGH POC This Week

A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2703 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-0856 HIGH POC This Week

The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Appointment Booking Calendar
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-28582 HIGH POC This Week

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Freeimage
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-28581 HIGH POC This Week

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Freeimage
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-28580 HIGH POC This Week

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Freeimage
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-28578 HIGH POC This Week

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure RCE Freeimage
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-28566 HIGH POC This Week

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Freeimage
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-28735 HIGH POC This Week

Unit4 Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability which allows an authenticated user to modify the password of any user of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Financials By Coda
NVD VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-29032 HIGH POC PATCH This Week

Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE IBM Qiskit Ibm Runtime
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-28583 HIGH POC This Week

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Freeimage
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-28569 HIGH POC This Week

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Freeimage
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-28231 HIGH POC PATCH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Fast Dds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-1983 HIGH POC This Week

The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Simple Ajax Chat
NVD WPScan
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-1205 HIGH This Week

The Management App for WooCommerce - Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Wemanage
NVD VulDB
CVSS 3.1
8.8
EPSS
4.7%
CVE-2024-1799 HIGH PATCH This Week

The GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Gamipress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-2627 HIGH This Week

Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-1856 HIGH This Week

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Reporting
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-22078 HIGH This Week

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation G5Dfr Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2702 HIGH This Week

Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.1.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Authentication Bypass Olive One Click Demo Import
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-2721 HIGH This Week

Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.1.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Social Media Share Buttons
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-1801 HIGH This Week

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Telerik Reporting
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23721 HIGH This Week

A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Vigor3910 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-28396 HIGH This Week

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE Orders Csv Excel Export Pro
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-22084 HIGH This Week

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure G5Dfr Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-22082 HIGH This Week

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure G5Dfr Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-22079 HIGH This Week

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal G5Dfr Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-2459 HIGH This Week

The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-2469 HIGH This Week

An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2024-2443 HIGH This Week

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy