Skip to main content
CVE-2024-33343 HIGH POC This Week

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 822 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.3%
CVE-2024-3075 HIGH POC This Week

The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mm Email2Image
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-31755 HIGH POC This Week

cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cjson
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2024-33342 HIGH POC This Week

D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 822 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2024-32406 HIGH POC This Week

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Ssti Relate
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-32880 HIGH POC This Week

pyload is an open-source Download Manager written in pure Python. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python File Upload Pyload
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-3154 HIGH POC PATCH This Week

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-33258 HIGH POC This Week

Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-4244 HIGH This Week

A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-4243 HIGH This Week

A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-4242 HIGH This Week

A vulnerability was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-4241 HIGH This Week

A vulnerability was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-4240 HIGH This Week

A vulnerability was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-4239 HIGH This Week

A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax1806 Firmware
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-32878 HIGH This Week

Llama.cpp is LLM inference in C/C++. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Llama Cpp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-4238 HIGH This Week

A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax1806 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-4237 HIGH This Week

A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax1806 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-4236 HIGH This Week

A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax1803 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
14.9%
CVE-2024-33666 HIGH This Week

An issue was discovered in Zammad before 6.3.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-28327 HIGH This Week

Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-21905 HIGH This Week

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Qnap Qts Quts Hero +1
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-31502 HIGH This Week

An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-32868 HIGH PATCH This Week

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-4163 HIGH This Week

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-33673 HIGH This Week

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Backup Exec
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32883 HIGH This Week

MCUboot is a secure bootloader for 32-bits microcontrollers. Rated high severity (CVSS 7.7). No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-3052 HIGH This Week

Malformed S2 Nonce Get command classes can be sent to crash the gateway. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-3051 HIGH This Week

Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31551 HIGH This Week

Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Cmseasy
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27124 HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Qnap Qts Quts Hero Qutscloud
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-4056 HIGH This Week

Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-1789 HIGH This Week

The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-33672 HIGH This Week

An issue was discovered in Veritas NetBackup before 10.4. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Netbackup
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-33671 HIGH This Week

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Backup Exec
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy