Skip to main content
CVE-2024-20353 HIGH POC KEV THREAT Act Now

Cisco ASA and FTD management and VPN web servers contain a vulnerability causing device reload through incomplete error checking, exploited alongside CVE-2024-20359 by state-sponsored actors in the 'ArcaneDoor' campaign.

NVD
CVSS 3.1
8.6
EPSS
24.4%
Threat
5.2
CVE-2024-4127 HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-4126 HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-4125 HIGH POC This Week

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-4124 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4123 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4122 HIGH POC This Week

A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4121 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4120 HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4119 HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4118 HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4117 HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4116 HIGH POC This Week

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4115 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W15e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4093 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Subscription Website
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-32825 HIGH POC This Week

Sensitive information disclosure in the Simply Static WordPress plugin (versions up to and including 3.1.3) allows remote unauthenticated attackers to access data that should not be exposed in generated static site output. Publicly available exploit code exists, though EPSS scoring (0.29%, 53rd percentile) suggests exploitation interest is modest. The flaw was reported through Patchstack's audit program and is tagged as an information disclosure issue.

Information Disclosure
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20295 HIGH This Week

A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-4114 HIGH This Week

A vulnerability, which was classified as critical, has been found in Tenda TX9 22.03.02.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Tx9 Pro Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-4113 HIGH This Week

A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Tx9 Pro Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-4112 HIGH This Week

A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Tx9 Pro Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4111 HIGH This Week

A vulnerability was found in Tenda TX9 22.03.02.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Tx9 Pro Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-31406 HIGH This Week

Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-20356 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection
NVD
CVSS 3.1
8.7
EPSS
32.7%
CVE-2024-32710 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.26.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-32706 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARForms arforms.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.1%
CVE-2024-32876 HIGH This Week

NewPipe is an Android app for video streaming written in Java. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Google
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-51405 HIGH This Week

Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.0.74. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bookingpress
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-51471 HIGH This Week

Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Accessing Functionality Not Properly Constrained by ACLs.1.9.7. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-33531 HIGH This Week

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-28976 HIGH This Week

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Repository Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32953 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in Newsletters.9.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-32816 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.2.78. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-32726 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-32781 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23976 HIGH This Week

Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.1.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Registrationmagic
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-20313 HIGH This Week

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-32950 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-32785 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS).0.8.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF The Pack Elementor Addons Elementor
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-32952 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.6.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-32702 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARForms arforms.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-32958 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).8.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-32789 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).1.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27791 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy