Skip to main content
CVE-2024-28270 HIGH This Week

An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-26574 HIGH This Week

Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Filmora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23084 HIGH This Week

Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apfloat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23085 HIGH This Week

Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Apfloat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31816 HIGH This Week

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-27897 HIGH This Week

Input verification vulnerability in the call module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-27896 HIGH This Week

Input verification vulnerability in the log module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-27895 HIGH This Week

Vulnerability of permission control in the window module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-31047 LOW POC Monitor

An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Openexr
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-2511 MEDIUM This Month

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Denial Of Service
NVD GitHub
CVSS 3.1
5.9
EPSS
4.1%
CVE-2024-23584 MEDIUM This Month

The NMAP Importer service​ may expose data store credentials to authorized users of the Windows Registry. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-28224 MEDIUM PATCH This Month

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ollama
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-31357 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS.5.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0083 MEDIUM This Month

NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Information Disclosure Denial Of Service XSS +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-31812 MEDIUM This Month

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-31806 MEDIUM This Month

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-23079 MEDIUM This Month

JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-23192 MEDIUM This Month

RSS feeds that contain malicious data- attributes could be abused to inject script code to a users browser session when reading compromised RSS feeds or successfully luring users to compromised. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-26811 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-31375 MEDIUM This Month

Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.2.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31205 MEDIUM PATCH This Month

Saleor is an e-commerce platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Saleor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-23191 MEDIUM This Month

Upsell advertisement information of an account can be manipulated to execute script code in the context of the users browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-23190 MEDIUM This Month

Upsell shop information of an account can be manipulated to execute script code in the context of the users browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-23189 MEDIUM This Month

Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3434 MEDIUM This Month

A vulnerability classified as critical was found in CP Plus Wi-Fi Camera up to 20240401. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-31447 MEDIUM PATCH This Month

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

PHP Information Disclosure Shopware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-3444 MEDIUM This Month

A vulnerability was found in Wangshen SecGate 3600 up to 20240408. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-23658 MEDIUM This Month

In camera driver, there is a possible use after free due to a logic error. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-23081 LOW Monitor

ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Threeten Backport
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.3%
CVE-2024-23082 Monitor

ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). No vendor patch available.

Buffer Overflow
NVD GitHub VulDB
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy