Skip to main content
CVE-2024-4024 HIGH POC THREAT This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
14.9%
CVE-2024-4170 HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow 4G300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4169 HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow 4G300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-33247 HIGH POC This Week

Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Task Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-4168 HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow 4G300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-4167 HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow 4G300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-4166 HIGH POC This Week

A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow 4G300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-2434 HIGH POC THREAT This Week

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
8.1
EPSS
22.9%
CVE-2024-32324 HIGH POC This Week

Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Lbt T300 T400 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-31609 HIGH POC This Week

Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Bosscms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-25917 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.0.8.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-3622 HIGH This Week

A flaw was found when using mirror-registry to install Quay. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mirror Registry
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-4171 HIGH This Week

A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-1657 HIGH This Week

A flaw was found in the ansible automation platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-28241 HIGH PATCH This Week

The GLPI Agent is a generic management agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Glpi Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-28240 HIGH PATCH This Week

The GLPI Agent is a generic management agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Glpi Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1139 HIGH This Week

A credentials leak vulnerability was found in the cluster monitoring operator in OCP. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2024-32358 HIGH This Week

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Jpress
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25026 HIGH This Week

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-2829 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
26.0%
CVE-2024-4161 HIGH This Week

In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-29205 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ivanti
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2024-23527 HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-3625 HIGH This Week

A flaw was found in Quay, where Quay's database is stored in plain text in mirror-registry on Jinja's config.yaml file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Redis Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-3624 HIGH This Week

A flaw was found in how Quay's database is stored in plain-text in mirror-registry on the jinja's config.yaml file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-4077 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS.7.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy