Skip to main content
CVE-2024-1929 HIGH POC This Week

Local Root Exploit via Configuration Dictionary in dnf5daemon-server before 5.1.17 allows a malicious user to impact Confidentiality and Integrity via Configuration Dictionary. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dnf5
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-25526 HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-34244 HIGH POC This Week

libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libmodbus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-4653 HIGH POC This Week

A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinical Browsing System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25515 HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_work_finish_file_down.aspx. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-2746 HIGH This Week

Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-34347 HIGH PATCH This Week

@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Node.js Command Injection
NVD GitHub
CVSS 3.1
8.3
EPSS
0.6%
CVE-2024-31156 HIGH This Week

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +17
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-2860 HIGH This Week

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure PostgreSQL Brocade Sannav
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1438 HIGH This Week

Missing Authorization vulnerability in PressFore Rolo Slider.0.9. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-3507 HIGH This Week

Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-31270 HIGH This Week

Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.6.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Arforms Form Builder
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-33608 HIGH This Week

When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall +18
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-26026 HIGH This Week

An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Big Ip Next Central Manager
NVD
CVSS 3.1
7.5
EPSS
7.2%
CVE-2024-25560 HIGH This Week

When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall +19
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21793 HIGH This Week

An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Big Ip Next Central Manager
NVD
CVSS 3.1
7.5
EPSS
7.1%
CVE-2024-4438 HIGH This Week

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-4437 HIGH This Week

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-4436 HIGH This Week

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-32049 HIGH This Week

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Next Central Manager
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-28883 HIGH This Week

An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apple Microsoft Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-22460 HIGH This Week

Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Dell Dm5500 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-22264 HIGH This Week

VMware Avi Load Balancer contains a privilege escalation vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-34553 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core allows Reflected XSS.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Stockholm Core
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-3951 HIGH This Week

PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious code. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy