Skip to main content
CVE-2024-2903 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-2885 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-2883 HIGH POC This Week

Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2024-2902 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-2901 HIGH POC This Week

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2900 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2899 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2898 HIGH POC This Week

A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2897 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
7.9%
CVE-2024-2896 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-2895 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2894 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-2893 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2892 HIGH POC This Week

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2891 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-51148 HIGH POC This Week

An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Tew 821Dap Firmware
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-2212 HIGH POC This Week

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Threadx
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-29189 HIGH POC PATCH This Week

PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python Command Injection Pyansys Geometry
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-2886 HIGH POC This Week

Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-28551 HIGH POC This Week

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-28442 HIGH POC This Week

Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Vp59 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23722 HIGH POC PATCH This Week

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Fluent Bit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-29302 HIGH POC This Week

SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-29301 HIGH POC This Week

SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-25420 HIGH POC PATCH This Week

An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openfire
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-2910 HIGH This Week

A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Eg350 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
3.7%
CVE-2024-2909 HIGH This Week

A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Eg350 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-2915 HIGH This Week

Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-28093 HIGH This Week

The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-39307 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.11.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

File Upload Avada
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-0866 HIGH This Week

The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection WordPress
NVD VulDB
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-29195 HIGH PATCH This Week

The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Microsoft Azure C Shared Utility
NVD GitHub
CVSS 3.1
8.1
EPSS
5.0%
CVE-2023-48275 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.0.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Google File Upload
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-27521 HIGH This Week

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2024-2929 HIGH This Week

A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-2214 HIGH PATCH This Week

In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Threadx
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25958 HIGH This Week

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Dell Microsoft Grab
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21919 HIGH This Week

An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21918 HIGH This Week

A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Use After Free Rockwell Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21913 HIGH This Week

A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21912 HIGH This Week

An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23482 HIGH This Week

The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-28131 HIGH This Week

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23991 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.4.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-44989 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-26577 HIGH This Week

VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-25136 HIGH This Week

There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-27459 HIGH This Week

Deserialization of Untrusted Data vulnerability in WPEverest User Registration.3.2.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization User Registration Membership
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-27440 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.4.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-28033 HIGH This Week

OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.3
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy