Skip to main content
CVE-2024-23949 HIGH This Week

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libigl
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23948 HIGH This Week

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libigl
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23947 HIGH This Week

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libigl
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-35511 MEDIUM POC This Month

phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Men Salon Management System
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-26024 HIGH This Week

SUBNET Solutions Inc. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2024-28886 HIGH This Week

OS command injection vulnerability exists in UTAU versions prior to v0.4.19. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2024-36110 HIGH PATCH This Week

ansibleguy-webui is an open source WebUI for using Ansible. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-24686 HIGH This Week

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Libigl
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-24685 HIGH This Week

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Libigl
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-24684 HIGH This Week

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Libigl
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-36109 HIGH This Week

CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-33450 HIGH This Week

SQL Injection in Finereport v.8.0 allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-35341 HIGH This Week

Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-3657 HIGH This Week

A flaw was found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-29078 HIGH This Week

Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-4429 HIGH This Week

Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure CSRF Imanager
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-35226 HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-28060 HIGH This Week

An issue was discovered in Apiris Kafeo 6.4.4. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-30165 HIGH This Week

Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-5415 HIGH This Week

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-5414 HIGH This Week

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-30212 HIGH This Week

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure
NVD GitHub
CVSS 4.0
7.0
EPSS
0.6%
CVE-2024-5434 MEDIUM This Month

The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-30164 MEDIUM This Month

Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Microsoft
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-36112 MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nautobot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-23580 MEDIUM This Month

HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-23579 MEDIUM This Month

HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-36472 MEDIUM This Month

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-33849 MEDIUM This Month

ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-28880 MEDIUM This Month

Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the product. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-2451 MEDIUM This Month

Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via. Rated medium severity (CVSS 6.4). No vendor patch available.

Apple Jwt Attack Information Disclosure Microsoft
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-28061 MEDIUM This Month

An issue was discovered in Apiris Kafeo 6.4.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-5413 MEDIUM This Month

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-35401 MEDIUM This Month

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Cp900L Firmware
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-2199 MEDIUM This Month

A denial of service vulnerability was found in 389-ds-base ldap server. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-35400 MEDIUM This Month

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cp900L Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-35548 MEDIUM This Month

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-35240 MEDIUM PATCH This Month

Umbraco Commerce is an open source dotnet ecommerce solution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35239 MEDIUM PATCH This Month

Umbraco Commerce is an open source dotnet web forms solution. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Umbraco Forms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28793 MEDIUM This Month

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Engineering Workflow Management
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5433 MEDIUM This Month

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-36107 MEDIUM PATCH This Month

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-35621 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-35342 MEDIUM This Month

Certain Anpviz products allow unauthenticated users to modify or disable camera related settings such as microphone volume, speaker volume, LED lighting, NTP, motion detection, etc. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-24584 MEDIUM This Month

Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libigl
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-24583 MEDIUM This Month

Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libigl
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-32944 LOW Monitor

Path traversal vulnerability exists in UTAU versions prior to v0.4.19. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-35403 LOW Monitor

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cp900L Firmware
NVD GitHub
CVSS 3.1
2.7
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy