Skip to main content
CVE-2024-25938 HIGH POC THREAT This Week

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Buffer Overflow Memory Corruption Pdf Editor +1
NVD
CVSS 3.1
8.8
EPSS
15.6%
CVE-2024-25648 HIGH POC THREAT This Week

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Buffer Overflow Memory Corruption Pdf Editor +1
NVD
CVSS 3.1
8.8
EPSS
15.6%
CVE-2024-25575 HIGH POC THREAT This Week

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
17.7%
CVE-2024-29320 HIGH POC This Week

Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wallos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-33437 HIGH POC This Week

An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information due to missing support for CSS Style Rules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Css Exfil Protection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-33383 HIGH POC This Week

Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET request using the filePath parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Novel Plus
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-33332 HIGH POC This Week

An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-29384 HIGH POC This Week

An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information via the content.js and parseCSSRules functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Css Exfil Protection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-26331 HIGH POC THREAT This Week

ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
49.3%
CVE-2024-4340 HIGH POC PATCH This Week

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2024-34050 HIGH POC This Week

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Traffic Steering Xapplication
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-34049 HIGH POC This Week

Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return plmnIdString[0:3], plmnIdString[3:]" in reader.go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Traffic Steering Xapplication
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-4349 HIGH POC This Week

A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Pisay Online E Learning System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
1.0%
CVE-2024-29466 HIGH This Week

Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Java
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-31837 HIGH This Week

DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-2663 HIGH This Week

The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-4185 HIGH This Week

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-23463 HIGH This Week

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Client Connector
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-2378 HIGH This Week

A vulnerability exists in the web-authentication component of the SDM600. Rated high severity (CVSS 8.0). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-4192 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cncsoft G2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23774 HIGH This Week

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23773 HIGH This Week

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-1895 HIGH This Week

The Event Monster - Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Deserialization WordPress Information Disclosure Event Monster
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-33270 HIGH This Week

An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2377 HIGH This Week

A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. Rated high severity (CVSS 7.6). No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-4225 HIGH This Week

Multiple security vulnerabilities has been discovered in web interface of NetGuardian DIN Remote Telemetry Unit (RTU), by DPS Telecom. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass XSS CSRF
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-34088 HIGH PATCH This Week

In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-33309 HIGH This Week

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-33274 HIGH This Week

Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-28716 HIGH This Week

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-34046 HIGH This Week

The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-34045 HIGH This Week

The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33831 HIGH This Week

A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-4337 HIGH This Week

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/nav/add, in multiple parameters. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-4336 HIGH This Week

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability via the /adive/admin/tables/add, in multiple parameters. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Framework
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-28269 HIGH This Week

ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-2617 HIGH This Week

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-32970 HIGH PATCH This Week

Phlex is a framework for building object-oriented views in Ruby. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google Mozilla
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-33465 HIGH This Week

Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy