Skip to main content
CVE-2024-33877 HIGH This Week

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Hdf5
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-33873 HIGH This Week

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Hdf5
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-33433 MEDIUM POC This Month

Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS X2000r Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-32623 HIGH This Week

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Hdf5
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-32617 HIGH This Week

HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Hdf5
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-32614 HIGH This Week

HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-32605 HIGH This Week

HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Hdf5
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-29161 HIGH This Week

HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Denial Of Service Hdf5
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-0087 HIGH This Week

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
8.8
EPSS
19.0%
CVE-2024-4791 HIGH This Week

A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-3941 MEDIUM POC This Month

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Recaptcha Jetpack
NVD WPScan
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-27813 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-31485 HIGH This Week

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 4.0
8.6
EPSS
2.4%
CVE-2024-27110 HIGH This Week

Elevation of privilege vulnerability in GE HealthCare EchoPAC products. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-1628 HIGH This Week

OS command injection vulnerabilities in GE HealthCare ultrasound devices. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2024-35204 HIGH This Week

Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-4767 MEDIUM POC This Month

If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-35048 MEDIUM POC This Month

An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Surveyking
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-34223 MEDIUM POC This Month

Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Human Resource Management System
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-46280 HIGH This Week

A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2024-4441 HIGH This Week

The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google WordPress PHP RCE LFI +1
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-31475 HIGH This Week

There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-31474 HIGH This Week

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Arubaos Instantos
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-22267 HIGH This Week

VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure VMware Memory Corruption Fusion +1
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-34360 HIGH PATCH This Week

go-spacemesh is a Go implementation of the Spacemesh protocol full node. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-4765 HIGH This Week

Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Google Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-30020 HIGH This Week

Windows Cryptographic Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-34345 HIGH PATCH This Week

The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-32655 HIGH PATCH This Week

Npgsql is the .NET data provider for PostgreSQL. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi PostgreSQL
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2024-0100 HIGH This Week

NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-0088 HIGH This Week

NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
8.1
EPSS
18.9%
CVE-2024-33263 MEDIUM POC This Month

QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Quickjs
NVD GitHub
CVSS 3.1
4.0
EPSS
0.3%
CVE-2024-28075 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Trend Micro Access Rights Manager
NVD
CVSS 3.1
8.0
EPSS
78.0%
CVE-2024-27793 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Code Injection Itunes
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-27829 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-27842 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27818 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Command Injection Ipados Iphone Os +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27843 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27824 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-27798 HIGH This Week

An authorization issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-27796 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-27396 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-27395 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-31556 HIGH This Week

An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-30051 HIGH KEV PATCH THREAT This Week

Windows DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
7.8
EPSS
5.7%
CVE-2024-30049 HIGH This Week

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +12
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-30042 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2024-30035 HIGH This Week

Windows DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1809 +8
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2024-30032 HIGH This Week

Windows DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +11
NVD
CVSS 3.1
7.8
EPSS
4.5%
CVE-2024-30031 HIGH This Week

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +13
NVD
CVSS 3.1
7.8
EPSS
0.4%
Prev Page 6 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy