Skip to main content
CVE-2024-32615 CRITICAL Act Now

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Hdf5
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-32611 CRITICAL Act Now

HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hdf5
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-30802 CRITICAL Act Now

An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29164 CRITICAL Act Now

HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service RCE Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29159 CRITICAL Act Now

HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29157 CRITICAL Act Now

HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Denial Of Service Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-28285 CRITICAL Act Now

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-23473 CRITICAL Act Now

The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Access Rights Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-27107 CRITICAL Act Now

Weak account password in GE HealthCare EchoPAC products. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2024-33006 CRITICAL Act Now

An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2024-34359 CRITICAL PATCH Act Now

llama-cpp-python is the Python bindings for llama.cpp. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
CVSS 3.1
9.6
EPSS
28.4%
CVE-2024-34070 CRITICAL PATCH Act Now

Froxlor is open source server administration software. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2024-33499 CRITICAL Act Now

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-28165 CRITICAL PATCH Act Now

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
9.3
EPSS
0.6%
CVE-2024-34440 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.2.63. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ai Engine
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-34416 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-3016 CRITICAL Act Now

NEC Platforms DT900 and DT900S Series 5.0.0.0 - v5.3.4.4, v5.4.0.0 - v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-34365 CRITICAL Act Now

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Karaf Cave
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-32622 CRITICAL Act Now

HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-2257 CRITICAL Act Now

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-26517 CRITICAL Act Now

SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP XSS School Task Manager
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-31488 CRITICAL Act Now

An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinac
NVD
CVSS 3.1
9.0
EPSS
1.0%
CVE-2024-34687 CRITICAL PATCH Act Now

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

XSS SAP Sap Basis
NVD
CVSS 3.1
9.0
EPSS
0.4%
CVE-2024-30209 CRITICAL Act Now

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.0
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy