Skip to main content
CVE-2024-34448 HIGH POC PATCH This Week

Ghost before 5.82.0 allows CSV Injection during a member CSV export. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ghost
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-33220 HIGH POC This Week

An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ai Suite
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-35559 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35558 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35556 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35552 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35553 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.3
EPSS
0.2%
CVE-2024-33219 HIGH POC This Week

An issue in the component AsIO64.sys of ASUSTeK Computer Inc ASUS SABERTOOTH X99 Driver v1.0.1.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Sabertooth X99 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-3518 HIGH PATCH This Week

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Media Library Assistant
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-29850 HIGH This Week

Veeam Backup Enterprise Manager allows account takeover via NTLM relay. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Veeam Backup Replication
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2024-20360 HIGH This Week

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Secure Firewall Management Center
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-36077 HIGH This Week

Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-33227 HIGH This Week

An issue in the component ddcdrv.sys of Nicomsoft WinI2C/DDC v3.7.4.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-33223 HIGH This Week

An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5031 HIGH This Week

The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Memberpress
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-2088 HIGH PATCH This Week

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure WordPress Social Networks Auto Poster
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-4453 HIGH PATCH This Week

An integer overflow vulnerability in GStreamer's EXIF metadata parsing functionality allows remote attackers to execute arbitrary code when processing malicious media files containing crafted EXIF data. The vulnerability affects GStreamer versions 1.24.0 and 1.24.1, requiring user interaction to trigger but potentially leading to full system compromise in the context of the running process. With an EPSS score of 3.61% (88th percentile) indicating moderate real-world exploitation likelihood and patches available, this represents a significant risk for applications using GStreamer for media processing.

RCE Debian Linux Gstreamer
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2024-33228 HIGH This Week

An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Microsoft
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-33224 HIGH This Week

An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-33222 HIGH This Week

An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-29853 HIGH This Week

An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Microsoft Veeam Agent For Windows
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-4454 HIGH This Week

WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Client Security Elements Endpoint Protection Email And Server Security +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-27264 HIGH This Week

IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33225 HIGH This Week

An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33221 HIGH This Week

An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33218 HIGH This Week

An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4157 HIGH PATCH This Week

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Information Disclosure Contact Form
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-4563 HIGH This Week

The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Moveit Automation
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-32988 HIGH This Week

'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-29851 HIGH This Week

Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service account. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Veeam Backup Replication
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2024-21791 HIGH This Week

Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
7.2
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy