Skip to main content
CVE-2024-3698 HIGH POC This Week

A vulnerability was found in Campcodes House Rental Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP House Rental Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3697 HIGH POC This Week

A vulnerability was found in Campcodes House Rental Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP House Rental Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3696 HIGH POC This Week

A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP House Rental Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3690 HIGH POC This Week

A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Small Crm
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-3686 HIGH POC This Week

A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dedecms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-29400 HIGH POC This Week

An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ruoyi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-3054 HIGH PATCH Act Now

WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.5%.

Deserialization PHP Information Disclosure WordPress Migration Backup Staging
NVD
CVSS 3.1
7.2
EPSS
20.5%
CVE-2024-3211 HIGH This Week

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-51515 HIGH This Week

Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.8.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-32003 HIGH PATCH This Week

wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation PHP Google
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-29022 HIGH This Week

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22358 HIGH This Week

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3705 HIGH This Week

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Opengnsys
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-30398 HIGH This Week

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-30397 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-30392 HIGH This Week

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-30382 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-30405 HIGH This Week

An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-30395 HIGH This Week

An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-30394 HIGH This Week

A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Juniper Denial Of Service Junos +1
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-21598 HIGH This Week

An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-30381 HIGH This Week

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Juniper Paragon Active Assurance Control Center
NVD
CVSS 4.0
8.4
EPSS
0.5%
CVE-2024-32005 HIGH PATCH This Week

NiceGUI is an easy-to-use, Python-based UI framework. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-30402 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-30401 HIGH This Week

An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Juniper Junos
NVD
CVSS 4.0
8.2
EPSS
0.6%
CVE-2024-25545 HIGH This Week

An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Weave Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-28869 HIGH PATCH This Week

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Traefik
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-3706 HIGH This Week

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Opengnsys
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31069 HIGH This Week

IO-1020 Micro ELD web server uses a default password for authentication. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-30210 HIGH This Week

IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-27309 HIGH PATCH This Week

While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apache Kafka
NVD
CVSS 3.1
7.4
EPSS
1.1%
CVE-2024-29023 HIGH This Week

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-30403 HIGH This Week

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-30388 HIGH This Week

An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-30387 HIGH This Week

A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-30386 HIGH This Week

A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Juniper Denial Of Service Memory Corruption Junos +1
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-21618 HIGH This Week

An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-21609 HIGH This Week

A Missing Release of Memory after Effective Lifetime vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an administratively adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-21605 HIGH This Week

An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX 300 Series allows an unauthenticated, adjacent attacker to cause a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Denial Of Service Junos
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-21593 HIGH This Week

An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-21590 HIGH This Week

An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy