Skip to main content
CVE-2024-2828 HIGH POC This Week

A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2827 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2826 HIGH POC This Week

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2825 HIGH POC This Week

A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-29366 HIGH POC This Week

A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 845L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28559 HIGH POC This Week

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP B2B2C Multi Business
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-2812 HIGH POC This Week

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-2805 HIGH POC This Week

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-25808 HIGH POC This Week

Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Lychee
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-29184 HIGH POC This Week

FreeScout is a self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Freescout
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-29190 HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Google Mobile Security Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-29499 HIGH POC This Week

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Anchor Cms
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-2228 HIGH This Week

This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Identityiq
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-2448 HIGH This Week

An OS command injection vulnerability has been identified in LoadMaster. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Loadmaster
NVD
CVSS 3.1
8.8
EPSS
55.4%
CVE-2024-28824 HIGH This Week

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1848 HIGH This Week

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-2227 HIGH This Week

This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Identityiq
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-2725 HIGH This Week

Information exposure vulnerability in the CIGESv2 system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ciges
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2724 HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2723 HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2722 HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2449 HIGH This Week

A cross-site request forgery vulnerability has been identified in LoadMaster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Loadmaster
NVD
CVSS 3.1
7.5
EPSS
12.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy