Skip to main content
CVE-2024-30351 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30349 HIGH This Week

Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2024-30348 HIGH This Week

Foxit PDF Reader U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30346 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30345 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30344 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30343 HIGH This Week

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30342 HIGH This Week

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30341 HIGH This Week

Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-30339 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30338 HIGH This Week

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30337 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-30336 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2024-28951 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26666 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix RCU use in TDLS fast-xmit This looks up the link under RCU protection, but isn't guaranteed to actually have. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-24581 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20849 HIGH This Week

Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20848 HIGH This Week

Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20846 HIGH This Week

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20845 HIGH This Week

Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20844 HIGH This Week

Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-30248 HIGH PATCH This Week

Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS Python
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-27605 HIGH This Week

Alldata V0.4.6 is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alldata
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-28226 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-22246 HIGH This Week

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

RCE Command Injection VMware
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-22092 HIGH This Week

in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-28287 HIGH This Week

A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-29949 HIGH This Week

There is a command injection vulnerability in some Hikvision NVRs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hikvision Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-31105 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS.4.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-31109 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.3.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-30335 HIGH This Week

Foxit PDF Reader AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-22248 HIGH This Week

VMware SD-WAN Orchestrator contains an open redirect vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Redirect VMware
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-26674 HIGH PATCH This Week

{get,put}_user() fixups During memory error injection test on kernels >= v6.4, the kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Canonical Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-26673 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-26672 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()' Fixes the below:. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Amd Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-26669 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload When a qdisc is deleted from a net device the stack instructs the underlying driver. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-26665 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-26664 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-3137 HIGH This Week

Improper Privilege Management in uvdesk/community-skeleton. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.0
7.1
EPSS
0.4%
CVE-2024-30808 LOW POC Monitor

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Bento4
NVD GitHub
CVSS 3.1
2.7
EPSS
0.6%
CVE-2024-20843 MEDIUM This Month

Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20842 MEDIUM This Month

Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-1807 MEDIUM This Month

The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psad_update_product_cat_custom_meta_ajax. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24888 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.2.25. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-2925 MEDIUM PATCH This Month

The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Beaver Builder
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2924 MEDIUM This Month

The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.5.12 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2839 MEDIUM PATCH This Month

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up to, and including, 1.0.263 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Colibri Page Builder
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2791 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Metform Elementor Contact Form Builder Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1946 MEDIUM This Month

The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-29834 MEDIUM PATCH This Month

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Pulsar
NVD
CVSS 3.1
6.4
EPSS
1.4%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy