Skip to main content
CVE-2024-2389 CRITICAL POC THREAT Emergency

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Flowmon
NVD GitHub
CVSS 3.1
9.8
EPSS
93.9%
CVE-2024-3209 CRITICAL POC Act Now

A vulnerability was found in UPX up to 4.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Upx Fedora
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-3207 CRITICAL POC Act Now

A vulnerability was found in ermig1979 Simd up to 6.0.134. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Simd
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-3204 CRITICAL POC Act Now

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow C Blosc2
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-3203 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow C Blosc2
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-30621 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-30620 CRITICAL POC Act Now

Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-31004 CRITICAL POC Act Now

An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4StsdAtom.cpp,AP4_StsdAtom::AP4_StsdAtom,mp4fragment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Bento4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-31002 CRITICAL POC Act Now

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache() at Ap4Utils.cpp component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Bento4
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-30965 HIGH POC PATCH This Week

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/member_scores.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-29514 HIGH POC This Week

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Leptoncms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-31003 HIGH POC This Week

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Buffer Overflow Bento4
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-25187 HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF 71Cms
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-31005 HIGH POC This Week

An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the Ap4MdhdAtom.cpp,AP4_MdhdAtom::AP4_MdhdAtom,mp4fragment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection RCE Bento4
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-30809 HIGH POC This Week

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Bento4
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-30807 HIGH POC This Week

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Bento4
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-30806 MEDIUM POC This Month

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3202 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in codelyfe Stupid Simple CMS 1.2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Stupid Simple Cms
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
1.2%
CVE-2024-29432 CRITICAL Act Now

Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Alldata
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-27604 CRITICAL Act Now

Alldata V0.4.6 is vulnerable to Command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Alldata
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-29276 CRITICAL Act Now

An issue was discovered in seeyonOA version 8, allows remote attackers to execute arbitrary code via the importProcess method in WorkFlowDesignerController.class component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
32.8%
CVE-2024-3248 MEDIUM POC This Month

In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-3247 MEDIUM POC This Month

In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-30946 MEDIUM POC This Month

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/co_do.php. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-1274 MEDIUM POC This Month

The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Calendar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-2369 MEDIUM POC This Month

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Coblocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-27602 CRITICAL Act Now

Alldata V0.4.6 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alldata
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-29074 HIGH This Week

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-22098 HIGH This Week

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-3148 HIGH This Week

A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-29434 HIGH This Week

An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Alldata
NVD GitHub
CVSS 3.1
8.3
EPSS
0.7%
CVE-2024-3151 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Bdtask Multi-Store Inventory Management System up to 20240325. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF M Store
NVD VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-3147 MEDIUM POC This Month

A vulnerability classified as problematic was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-3146 MEDIUM POC This Month

A vulnerability classified as problematic has been found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-3145 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-3144 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-3143 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-30371 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30367 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30365 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30362 HIGH This Week

Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30361 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30360 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30359 HIGH This Week

Foxit PDF Reader AcroForm 3D Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2024-30358 HIGH This Week

Foxit PDF Reader AcroForm User-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30357 HIGH This Week

Foxit PDF Reader AcroForm Annotation Type Confusion Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30355 HIGH This Week

Foxit PDF Reader AcroForm Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30354 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30353 HIGH This Week

Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30352 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy