Skip to main content
CVE-2024-3660 CRITICAL PATCH Act Now

A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Keras
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-3863 CRITICAL Act Now

The executable file warning was not presented when downloading .xrm-ms files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla File Upload Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3871 CRITICAL Act Now

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-32023 MEDIUM POC PATCH This Month

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Kohya Ss
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-1666 MEDIUM POC PATCH This Month

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lunary
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-21071 CRITICAL Act Now

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Workflow
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-21115 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-21114 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-21113 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-21112 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-21067 HIGH This Week

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-3882 HIGH This Week

A vulnerability was found in Tenda W30E 1.0.1.25(633). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-3881 HIGH This Week

A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-3880 HIGH This Week

A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
4.4%
CVE-2024-3879 HIGH This Week

A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-3874 HIGH This Week

A vulnerability was found in Tenda W20E 15.11.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W20e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-3856 HIGH This Week

A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-3854 HIGH This Week

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-1961 HIGH This Week

vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Path Traversal RCE Java File Upload
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2024-31760 MEDIUM POC This Month

An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-25911 HIGH This Week

Missing Authorization vulnerability in Skymoon Labs MoveTo.2. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-45000 HIGH This Week

Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.7. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Litespeed Cache
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-21095 HIGH This Week

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-20999 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oracle Solaris
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-2260 MEDIUM POC PATCH This Month

A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Session Fixation Zenml
NVD GitHub
CVSS 3.1
4.2
EPSS
0.4%
CVE-2024-21092 HIGH This Week

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Agile Product Lifecycle Management For Process
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-3865 HIGH This Week

Memory safety bugs present in Firefox 124. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-22262 HIGH PATCH This Week

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-32631 HIGH This Week

Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Information Disclosure Asr3602 Firmware Asr3605 Firmware Asr3607 Firmware +10
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-21116 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oracle Vm Virtualbox
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-21103 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21059 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Oracle Solaris
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-3857 HIGH This Week

The JIT created incorrect code for arguments in certain cases. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-31446 HIGH This Week

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.7
EPSS
0.6%
CVE-2024-32086 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.18.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31887 HIGH This Week

IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Privilege On Premises
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21090 HIGH This Week

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Oracle Mysql Connector Python
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-21088 HIGH This Week

Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Request Smuggling Oracle E Business Suite
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21079 HIGH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-21078 HIGH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Marketing
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-21077 HIGH This Week

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts LOV). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Oracle Trade Management
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-21076 HIGH This Week

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Trade Management
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-21075 HIGH This Week

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim Line LOV). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Trade Management
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-21074 HIGH This Week

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Finance LOV). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Trade Management
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-21073 HIGH This Week

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Oracle Trade Management
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-21007 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-21006 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2024-3858 HIGH This Week

It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-3853 HIGH This Week

A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Use After Free Information Disclosure Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-3852 HIGH This Week

GetBoundName could return the wrong version of an object when JIT optimizations were applied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.6%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy