Skip to main content
CVE-2024-4367 HIGH POC PATCH THREAT CISA Act Now

Arbitrary JavaScript execution in Mozilla's PDF.js library affects Firefox before 126, Firefox ESR before 115.11, and Thunderbird before 115.11 when rendering a malicious PDF document. A missing type check in font handling lets a crafted PDF run JavaScript in the PDF.js context, and publicly available exploit code exists with an EPSS of 34.61% (97th percentile) indicating elevated exploitation likelihood.

Mozilla Information Disclosure Firefox Thunderbird Debian Linux +1
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
34.6%
Threat
6.3
CVE-2024-27822 HIGH POC Act Now

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-30038 HIGH POC Act Now

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2024-4605 HIGH Act Now

The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.1% and no vendor patch available.

Code Injection RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
20.1%
CVE-2024-4770 HIGH POC This Week

When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-35010 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35009 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-32352 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2024-32351 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2024-32350 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2024-3940 HIGH POC This Week

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Recaptcha Jetpack
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35050 HIGH POC This Week

An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Surveyking
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-34942 HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1206 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-34921 HIGH POC This Week

TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
9.3%
CVE-2024-34221 HIGH POC This Week

Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Human Resource Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-34211 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cp450 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34207 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-34200 HIGH POC This Week

TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Cp450 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-34196 HIGH POC This Week

Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service A3002Ru V3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-4771 HIGH POC This Week

A memory allocation check was missing which would lead to a use-after-free if the allocation failed. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-34219 HIGH POC THREAT This Week

TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cp450 Firmware
NVD GitHub
CVSS 3.1
8.6
EPSS
20.8%
CVE-2024-34199 HIGH POC This Week

TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Tinyweb
NVD GitHub
CVSS 3.1
8.6
EPSS
1.2%
CVE-2024-4776 HIGH POC This Week

A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mozilla Firefox
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-34974 HIGH POC This Week

Tenda AC18 v15.03.05.19 is vulnerable to Buffer Overflow in the formSetPPTPServer function via the endIp parameter. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure Ac18 Firmware
NVD GitHub
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-29800 HIGH POC PATCH This Week

Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.23.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-2441 HIGH POC This Week

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Vikbooking Hotel Booking Engine Pms
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-32355 HIGH POC This Week

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.8%
CVE-2024-0762 HIGH POC This Week

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Intel Securecore Technology
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-31771 HIGH POC This Week

Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Totalav
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-34217 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
7.7
EPSS
0.6%
CVE-2024-34950 HIGH POC This Week

D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure D-Link Dir 822 Firmware
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2024-4068 HIGH POC PATCH This Week

The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Braces
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-34352 HIGH POC PATCH This Week

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 1panel
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-34351 HIGH POC PATCH This Week

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
5.5%
CVE-2024-34220 HIGH POC This Week

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Human Resource Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-32739 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2024-32738 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2024-32737 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2024-32736 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2024-31441 HIGH POC This Week

DataEase is an open source data visualization analysis tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-30259 HIGH POC This Week

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Fast Dds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-30258 HIGH POC PATCH This Week

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Fast Dds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-34224 HIGH POC This Week

Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Computer Laboratory Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-34215 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-34212 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-34210 HIGH POC This Week

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp450 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
1.2%
CVE-2024-34205 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp450 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
1.2%
CVE-2024-34201 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-34077 HIGH POC PATCH This Week

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 3.1
7.3
EPSS
1.2%
CVE-2024-34338 HIGH POC This Week

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection O3 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.8%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy