Skip to main content
CVE-2024-26304 CRITICAL POC THREAT Act Now

There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE
NVD
CVSS 3.1
9.8
EPSS
44.0%
CVE-2024-33775 CRITICAL POC Act Now

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Nagios Xi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-33835 CRITICAL POC Act Now

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-33768 CRITICAL POC Act Now

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lunasvg
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-32018 CRITICAL POC Act Now

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Riot
NVD GitHub
CVSS 3.1
9.0
EPSS
1.5%
CVE-2024-32017 CRITICAL POC Act Now

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Riot
NVD GitHub
CVSS 3.1
9.0
EPSS
1.5%
CVE-2024-31225 CRITICAL POC Act Now

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Riot
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2024-33430 HIGH POC This Week

An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Phiola
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-33428 HIGH POC This Week

Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Phiola
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-4368 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-32212 HIGH POC This Week

SQL Injection vulnerability in LOGINT LoMag Inventory Management v1.0.20.120 and before allows an attacker to execute arbitrary code via the ArticleGetGroups, DocAddDocument, ClassClickShop and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi RCE Lomag Warehouse Management
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-33820 HIGH POC This Week

Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow A3002r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33763 HIGH POC This Week

lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Lunasvg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-33423 HIGH POC This Week

Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsimple
NVD GitHub
CVSS 3.1
7.4
EPSS
0.6%
CVE-2024-33306 HIGH POC This Week

SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Management System
NVD GitHub
CVSS 3.1
7.4
EPSS
0.7%
CVE-2024-33300 HIGH POC This Week

Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Typora
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-33429 HIGH POC This Week

Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Phiola
NVD GitHub
CVSS 3.1
7.1
EPSS
1.1%
CVE-2024-33431 MEDIUM POC This Month

An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Phiola
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-4060 MEDIUM POC This Month

Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-4059 MEDIUM POC This Month

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-3591 MEDIUM POC This Month

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Geo Controller
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-33424 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsimple
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-33304 MEDIUM POC This Month

SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Product Show Room Site
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-33078 CRITICAL Act Now

Tencent Libpag v4.3 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Libpag
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-23480 CRITICAL Act Now

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Jwt Attack RCE Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-33512 CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE
NVD
CVSS 3.1
9.8
EPSS
14.6%
CVE-2024-33511 CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE
NVD
CVSS 3.1
9.8
EPSS
14.6%
CVE-2024-26305 CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE
NVD
CVSS 3.1
9.8
EPSS
15.2%
CVE-2024-32211 MEDIUM POC This Month

An issue in LOGINT LoMag Inventory Management v1.0.20.120 and before allows a local attacker to obtain sensitive information via the UserClass.cs and Settings.cs components. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lomag Warehouse Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-33764 MEDIUM POC This Month

lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Lunasvg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-33307 MEDIUM POC This Month

SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-32213 MEDIUM POC This Month

The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Lomag Warehouse Management
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-32210 MEDIUM POC This Month

The LoMag WareHouse Management application version 1.0.20.120 and older were to utilize hard-coded passwords by default for forms and SQL connections. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lomag Warehouse Management
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-33766 MEDIUM POC This Month

lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lunasvg
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-27053 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-4142 CRITICAL Act Now

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2024-33767 MEDIUM POC This Month

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Lunasvg
NVD GitHub
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-26504 HIGH This Week

An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Open Redirect
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-26945 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix nr_cpus < nr_iaa case If nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which causes a divide-by-0 in. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-33442 MEDIUM POC This Month

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Flusity
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-33292 HIGH This Week

SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-32963 MEDIUM POC PATCH This Month

Navidrome is an open source web-based music collection server and streamer. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Navidrome
NVD GitHub
CVSS 3.1
4.2
EPSS
0.4%
CVE-2024-26951 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all(),. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption Linux Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-27065 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26961 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-27024 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_conn_connect_if_down If connection isn't established yet, get_mr() will fail, trigger connection after. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26988 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Linux Linux Kernel Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26958 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-27022 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26934 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy