Skip to main content
CVE-2024-2961 HIGH POC THREAT Act Now

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.6%.

Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
7.3
EPSS
92.6%
Threat
5.7
CVE-2024-32299 HIGH POC This Week

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1203 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-32292 HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-32281 HIGH POC This Week

Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac7 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-3910 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-3906 HIGH POC This Week

A vulnerability was found in Tenda AC500 2.0.1.9(1307). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-3905 HIGH POC This Week

A vulnerability was found in Tenda AC500 2.0.1.9(1307). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-3833 HIGH POC THREAT This Week

Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
15.0%
CVE-2024-3832 HIGH POC This Week

Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-32293 HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
5.6%
CVE-2024-32285 HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-32310 HIGH POC This Week

Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-31041 HIGH POC This Week

Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31031 HIGH POC This Week

An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Libcoap Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-32317 HIGH POC This Week

Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-32291 HIGH POC This Week

Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-32307 HIGH POC This Week

Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
7.4
EPSS
0.6%
CVE-2024-32283 HIGH POC This Week

Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1203 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-32345 HIGH POC This Week

A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsimple
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-21989 HIGH This Week

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-32305 HIGH This Week

Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow A18 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-3834 HIGH This Week

Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-31680 HIGH This Week

File Upload vulnerability in Shibang Communications Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-47151 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin.7.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Js Help Desk
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2024-3323 HIGH This Week

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-1132 HIGH PATCH This Week

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Build Of Keycloak Jboss Middleware Text Only Advisories Keycloak Migration Toolkit For Applications +6
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-32303 HIGH This Week

Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-26882 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix than ones found in : 8d975c15c0cd. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26895 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wilc_netdev_cleanup currently triggers a KASAN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26885 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix DEVMAP_HASH overflow check on 32-bit arches The devmap code allocates a number hash buckets equal to the next power of two. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26898 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Memory Corruption Use After Free Denial Of Service Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26852 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Google Denial Of Service Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26884 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26883 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches The stackmap code relies on roundup_pow_of_two() to compute the number of hash. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26907 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------[ cut here ]------------ memcpy: detected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Authentication Bypass Memory Corruption Ubuntu Use After Free Red Hat +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-31583 HIGH PATCH This Week

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Pytorch
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26914 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix incorrect mpc_combine array size [why] MAX_SURFACES is per stream, while MAX_PLANES is per asic. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26913 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue [why] odm calculation is missing for pipe split policy determination and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26892 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26865 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26856 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: sparx5: Fix use after free inside sparx5_del_mact_entry Based on the static analyzis of the code it looks like when an entry. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26842 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() When task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U <<. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26836 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Lenovo Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-51500 HIGH This Week

Missing Authorization vulnerability in Undsgn Uncode Core.8.8. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2023-51418 HIGH This Week

Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.2.6. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2023-44227 HIGH This Week

Missing Authorization vulnerability in Mitchell Bennis Simple File List.1.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-30253 HIGH PATCH MAL This Week

@solana/web3.js is the Solana JavaScript SDK. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-26854 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-31503 HIGH This Week

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-1249 HIGH PATCH This Week

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy