Skip to main content
CVE-2024-32349 MEDIUM POC This Month

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
6.0
EPSS
0.9%
CVE-2024-30207 CRITICAL Act Now

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
10.0
EPSS
0.8%
CVE-2024-32700 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.0.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload
NVD
CVSS 3.1
10.0
EPSS
2.6%
CVE-2024-4775 MEDIUM POC This Month

An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-4772 MEDIUM POC This Month

An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-4701 CRITICAL PATCH Act Now

A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
9.9
EPSS
24.6%
CVE-2024-34222 MEDIUM POC This Month

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Human Resource Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-2749 MEDIUM POC This Month

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Vikbooking Hotel Booking Engine Pms
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-29212 CRITICAL Act Now

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Veeam Service Provider Console
NVD
CVSS 3.0
9.9
EPSS
1.6%
CVE-2024-31473 CRITICAL Act Now

There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-31472 CRITICAL Act Now

There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-31471 CRITICAL Act Now

There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-31470 CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-31469 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31468 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31467 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31466 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-4778 CRITICAL Act Now

Memory safety bugs present in Firefox 125. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Mozilla Firefox
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33868 CRITICAL Act Now

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection LDAP Microsoft Linqi
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-33863 CRITICAL Act Now

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Microsoft Linqi
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-32740 CRITICAL Act Now

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Simatic Cn 4100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-27939 CRITICAL Act Now

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Ruggedcom Crossbow
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-4825 CRITICAL PATCH Act Now

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cockpit
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-4824 CRITICAL Act Now

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi School Erp Pro Responsive
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3263 CRITICAL Act Now

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-35099 CRITICAL Act Now

TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-34706 CRITICAL PATCH Act Now

Valtimo is an open source business process and case management platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-33874 CRITICAL Act Now

HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-32991 CRITICAL Act Now

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect availability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32621 CRITICAL Act Now

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-32615 CRITICAL Act Now

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Hdf5
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-32611 CRITICAL Act Now

HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hdf5
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-30802 CRITICAL Act Now

An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29164 CRITICAL Act Now

HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service RCE Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29159 CRITICAL Act Now

HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29157 CRITICAL Act Now

HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Denial Of Service Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-28285 CRITICAL Act Now

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-23473 CRITICAL Act Now

The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Access Rights Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-33772 MEDIUM POC This Month

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime.". Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow D-Link Denial Of Service Dir 619l Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2024-27107 CRITICAL Act Now

Weak account password in GE HealthCare EchoPAC products. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2024-33006 CRITICAL Act Now

An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2024-34359 CRITICAL PATCH Act Now

llama-cpp-python is the Python bindings for llama.cpp. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
CVSS 3.1
9.6
EPSS
28.4%
CVE-2024-34070 CRITICAL PATCH Act Now

Froxlor is open source server administration software. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2024-27834 MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +6
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-4444 MEDIUM POC This Month

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Learnpress
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-3241 MEDIUM POC This Month

The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Blocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-35011 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-34243 MEDIUM POC This Month

Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Konga
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-33499 CRITICAL Act Now

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-3239 MEDIUM POC This Month

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Postx
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
Prev Page 3 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy