Skip to main content
CVE-2024-28119 HIGH POC PATCH This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-28118 HIGH POC PATCH This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-28117 HIGH POC PATCH This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-28116 HIGH POC PATCH This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
5.8%
CVE-2024-27921 HIGH POC PATCH THREAT This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Information Disclosure File Upload Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
60.6%
CVE-2024-2764 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2763 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2754 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Complete E Commerce Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-2016 HIGH POC This Week

A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Zhicms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-2015 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in ZhiCms 4.0.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zhicms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27934 HIGH POC PATCH This Week

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Deno
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-27933 HIGH POC PATCH This Week

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass RCE Deno
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2024-27923 HIGH POC PATCH This Week

Grav is a content management system (CMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-27935 HIGH POC PATCH This Week

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Deno
NVD GitHub
CVSS 3.1
8.3
EPSS
0.7%
CVE-2024-24520 HIGH POC This Week

An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Leptoncms
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-28521 HIGH POC This Week

SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Application Security Gateway Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-29031 HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-29180 HIGH POC PATCH This Week

Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Webpack Dev Middleware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-2053 HIGH POC THREAT This Week

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Artica Proxy
NVD
CVSS 3.1
7.5
EPSS
44.6%
CVE-2024-28286 HIGH POC This Week

In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libiec61850
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27292 HIGH POC PATCH THREAT This Week

Docassemble is an expert system for guided interviews and document assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Docassemble
NVD GitHub
CVSS 3.1
7.5
EPSS
69.5%
CVE-2024-24272 HIGH POC This Week

An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Dualsafe Password Manager
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-1538 HIGH PATCH This Week

The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF File Manager
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2024-27964 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.6.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Zippy
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-28040 HIGH This Week

SQL injection vulnerability exists in GetDIAE_astListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2024-25567 HIGH This Week

Path traversal attack is possible and write outside of the intended directory and may access sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-23975 HIGH This Week

SQL injection vulnerability exists in GetDIAE_slogListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2024-23494 HIGH This Week

SQL injection vulnerability exists in GetDIAE_unListParameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2024-28891 HIGH This Week

SQL injection vulnerability exists in the script Handler_CFG.ashx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2024-28029 HIGH This Week

Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25937 HIGH This Week

SQL injection vulnerability exists in the script DIAE_tagHandler.ashx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2024-2162 HIGH This Week

An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges.02.0227 . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-2007 HIGH This Week

A vulnerability was found in OpenBMB XAgent 1.0.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xagent
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28916 HIGH This Week

Xbox Gaming Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xbox Gaming Services
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-27918 HIGH PATCH This Week

Coder allows oragnizations to provision remote development environments via Terraform. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Hashicorp Coder
NVD GitHub
CVSS 3.1
8.2
EPSS
1.0%
CVE-2024-28171 HIGH This Week

It is possible to perform a path traversal attack and write outside of the intended directory. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Diaenergie
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-2463 HIGH This Week

Weak password recovery mechanism in CDeX application allows to retrieve password reset token.7.1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cdex
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-29880 HIGH This Week

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1394 HIGH PATCH This Week

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-29862 HIGH PATCH This Week

The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gateway Bridge Mqtt Forwarder
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-28101 HIGH PATCH This Week

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nginx Apollo Router
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-24813 HIGH This Week

Frappe is a full-stack web application framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Frappe
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-27094 HIGH PATCH This Week

OpenZeppelin Contracts is a library for secure smart contract development. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contracts Contracts Upgradeable
NVD GitHub
CVSS 3.1
7.4
EPSS
0.8%
CVE-2024-29131 HIGH PATCH This Week

Out-of-bounds Write vulnerability in Apache Commons Configuration.0 before 2.10.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Commons Configuration Fedora +2
NVD
CVSS 3.1
7.3
EPSS
2.1%
CVE-2024-27994 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.5.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-27962 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS.7.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Mpdf
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-27993 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-27968 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS.7.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Super Page Cache
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-2465 HIGH This Week

Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.7.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cdex
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy