Skip to main content
CVE-2024-27398 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Fedora +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-22774 HIGH This Week

An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-2662 HIGH PATCH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

WordPress Command Injection Unlimited Elements For Elementor Elementor
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2024-1630 HIGH This Week

Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-4545 HIGH This Week

All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 prior to 15.7.0 and from 16.0 prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PostgreSQL
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-34559 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27109 HIGH This Week

Insufficiently protected credentials in GE HealthCare EchoPAC products. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-34714 HIGH This Week

The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Google Mozilla
NVD GitHub
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-32742 HIGH This Week

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Cn 4100 Firmware
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-1913 HIGH This Week

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Robotware
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2024-32712 HIGH This Week

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.0.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Podlove Podcast Publisher
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-32724 HIGH This Week

Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-31482 HIGH This Week

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31481 HIGH This Week

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31480 HIGH This Week

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31479 HIGH This Week

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31478 HIGH This Week

Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exists in the Soft AP daemon accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-3676 HIGH This Week

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-4773 HIGH This Week

When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-30043 HIGH This Week

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.5
EPSS
54.7%
CVE-2024-30029 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-30024 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-30023 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-30022 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-30015 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-30014 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-26007 HIGH This Week

An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-23105 HIGH This Week

A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Fortinet Fortiportal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-3372 HIGH This Week

Improper validation of certain metadata input may result in the server not correctly serialising BSON. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33865 HIGH This Week

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Linqi
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27942 HIGH This Week

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Ruggedcom Crossbow
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25968 HIGH This Week

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-25966 HIGH This Week

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-34350 HIGH PATCH This Week

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-33818 HIGH This Week

Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-32992 HIGH This Week

Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-32990 HIGH This Week

Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-32989 HIGH This Week

Insufficient verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-32609 HIGH This Week

HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hdf5
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-30172 HIGH PATCH This Week

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-29857 HIGH PATCH This Week

An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Java Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-27790 HIGH This Week

Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Filemaker Server
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22345 HIGH This Week

IBM TXSeries for Multiplatforms 8.2 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Txseries For Multiplatform
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-0097 HIGH This Week

NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Information Disclosure Nvidia Microsoft Chatrtx
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-0096 HIGH This Week

NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Information Disclosure Nvidia Microsoft Chatrtx
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-2290 HIGH This Week

The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-1486 HIGH This Week

Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-32624 HIGH This Week

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow Hdf5
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2024-32620 HIGH This Week

HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow Hdf5
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-32619 HIGH This Week

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow Hdf5
NVD
CVSS 3.1
7.4
EPSS
0.2%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy