Skip to main content
CVE-2024-3116 CRITICAL POC PATCH THREAT Act Now

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
64.8%
CVE-2024-21894 CRITICAL POC THREAT Act Now

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ivanti Memory Corruption Connect Secure +1
NVD
CVSS 3.1
9.8
EPSS
19.0%
CVE-2024-3315 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3273 CRITICAL POC KEV THREAT Act Now

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320L Firmware Dns 120 Firmware Dnr 202L Firmware +17
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2024-3272 CRITICAL POC KEV THREAT Act Now

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403.cgi of the component HTTP GET. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dns 320L Firmware Dns 120 Firmware Dnr 202L Firmware +17
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
98.0%
CVE-2024-30264 CRITICAL POC PATCH Act Now

Typebot is an open-source chatbot builder. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Typebot
NVD GitHub
CVSS 3.1
9.3
EPSS
0.8%
CVE-2024-2692 CRITICAL POC Act Now

SiYuan version 3.0.3 allows executing arbitrary commands on the server. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Siyuan
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%
CVE-2024-3022 HIGH POC PATCH This Week

Authenticated arbitrary file upload in the BookingPress WordPress plugin (versions through 1.0.87) enables remote code execution by administrator-level users who can upload malicious files via the 'bookingpress_process_upload' function. Publicly available exploit code exists and EPSS places this in the 92nd percentile (8.31% probability), indicating elevated likelihood of exploitation attempts despite the high-privilege requirement. The flaw affects the free WordPress edition distributed by Repute InfoSystems.

File Upload RCE WordPress Bookingpress
NVD
CVSS 3.1
7.2
EPSS
8.3%
CVE-2024-3316 HIGH POC This Week

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-3311 HIGH POC This Week

A vulnerability was found in Dreamer CMS up to 4.1.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dreamer Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-29387 HIGH POC This Week

projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Projeqtor
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-29192 HIGH POC PATCH This Week

gotortc is a camera streaming application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Go2Rtc
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-30565 HIGH POC This Week

An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Seacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-31212 HIGH POC This Week

InstantCMS is a free and open source content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Instantcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-30270 MEDIUM POC THREAT This Month

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Path Traversal Docker Mailcow
NVD GitHub
CVSS 3.1
6.2
EPSS
27.3%
CVE-2024-31204 MEDIUM POC This Month

mailcow: dockerized is an open source groupware/email suite based on docker. Rated medium severity (CVSS 6.1). Public exploit code available and no vendor patch available.

XSS Docker Mailcow
NVD GitHub
CVSS 3.1
6.1
EPSS
8.2%
CVE-2024-29193 MEDIUM POC PATCH This Month

gotortc is a camera streaming application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Go2Rtc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29191 MEDIUM POC PATCH This Month

gotortc is a camera streaming application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Go2Rtc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-28787 CRITICAL Act Now

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Application Gateway Security Verify Access
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-25693 CRITICAL Act Now

There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Portal For Arcgis
NVD
CVSS 3.1
9.9
EPSS
1.3%
CVE-2024-31211 CRITICAL Act Now

WordPress is an open publishing platform for the Web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE WordPress
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-27981 CRITICAL Act Now

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ubiquiti
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-3314 CRITICAL Act Now

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29006 CRITICAL Act Now

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloudstack
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29375 CRITICAL Act Now

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-30266 MEDIUM POC PATCH This Month

wasmtime is a runtime for WebAssembly. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Memory Corruption Wasmtime
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-29386 MEDIUM POC This Month

projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Projeqtor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3274 MEDIUM POC THREAT This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
33.5%
CVE-2024-2008 HIGH This Week

The Modal Popup Box - Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-31498 HIGH This Week

Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-31210 HIGH This Week

WordPress is an open publishing platform for the Web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP File Upload
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-25568 HIGH This Week

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-25503 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
4.7
EPSS
0.9%
CVE-2024-30249 HIGH This Week

Cloudburst Network provides network components used within Cloudburst projects. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-25699 HIGH This Week

There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Kubernetes Microsoft Portal For Arcgis Arcgis Enterprise
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-31206 HIGH PATCH This Week

dectalk-tts is a Node package to interact with the aeiou Dectalk web API. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-22053 HIGH This Week

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Memory Corruption Connect Secure Policy Secure
NVD
CVSS 3.1
8.2
EPSS
3.5%
CVE-2024-3299 HIGH This Week

Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Buffer Overflow Memory Corruption
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-3298 HIGH This Week

Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26800 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26797 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent potential buffer overflow in map_hw_resources Adds a check in the map_hw_resources function to prevent a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26793 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26792 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26782 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-30263 HIGH This Week

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-30255 HIGH PATCH This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
87.8%
CVE-2024-22052 HIGH This Week

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Connect Secure Policy Secure
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2024-27268 HIGH This Week

IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-30261 LOW POC PATCH Monitor

Undici is an HTTP/1.1 client, written from scratch for Node.js. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Undici Fedora
NVD GitHub
CVSS 3.1
3.5
EPSS
0.8%
CVE-2024-30250 HIGH PATCH This Week

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Astro Shield
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy