Skip to main content
CVE-2024-5411 HIGH POC THREAT This Week

Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.01e and below. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Iap 420 Firmware
NVD
CVSS 4.0
8.7
EPSS
23.4%
CVE-2024-24919 HIGH POC KEV PATCH THREAT This Week

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Checkpoint Information Disclosure Quantum Spark Firmware Quantum Security Gateway Firmware Cloudguard Network Security
NVD
CVSS 3.1
8.6
EPSS
100.0%
CVE-2024-35397 HIGH Act Now

TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.0% and no vendor patch available.

Command Injection Cp900L Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
19.0%
CVE-2024-5410 HIGH POC THREAT This Week

Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).01e and below. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Iap 420 Firmware
NVD
CVSS 4.0
8.3
EPSS
13.2%
CVE-2024-24959 HIGH POC This Week

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption P3 550E Firmware
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-24958 HIGH POC This Week

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption P3 550E Firmware
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-24957 HIGH POC This Week

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption P3 550E Firmware
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-24956 HIGH POC This Week

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption P3 550E Firmware
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-24955 HIGH POC This Week

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption P3 550E Firmware
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-24954 HIGH POC This Week

Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption P3 550E Firmware
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-24947 HIGH POC This Week

A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption P3 550E Firmware P3 550 Firmware +4
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-24946 HIGH POC This Week

A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption P3 550E Firmware P3 550 Firmware +4
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-29072 HIGH POC This Week

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-33402 HIGH POC This Week

A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-22181 HIGH POC This Week

An out-of-bounds write vulnerability exists in the readNODE functionality of libigl v2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libigl
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-22641 HIGH POC This Week

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service File Upload Tcpdf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-24851 HIGH POC This Week

A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow P3 550E Firmware P3 550 Firmware P3 530 Firmware P2 550 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-23315 HIGH POC This Week

A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass P3 550E Firmware P3 550 Firmware P3 530 Firmware P2 550 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-35399 HIGH This Week

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cp900L Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-23951 HIGH This Week

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libigl
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23950 HIGH This Week

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libigl
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23949 HIGH This Week

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libigl
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23948 HIGH This Week

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libigl
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23947 HIGH This Week

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Libigl
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-26024 HIGH This Week

SUBNET Solutions Inc. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2024-28886 HIGH This Week

OS command injection vulnerability exists in UTAU versions prior to v0.4.19. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2024-36110 HIGH PATCH This Week

ansibleguy-webui is an open source WebUI for using Ansible. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-24686 HIGH This Week

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Libigl
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-24685 HIGH This Week

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Libigl
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-24684 HIGH This Week

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Libigl
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-36109 HIGH This Week

CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-33450 HIGH This Week

SQL Injection in Finereport v.8.0 allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-35341 HIGH This Week

Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-3657 HIGH This Week

A flaw was found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-29078 HIGH This Week

Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-4429 HIGH This Week

Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure CSRF Imanager
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-35226 HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-28060 HIGH This Week

An issue was discovered in Apiris Kafeo 6.4.4. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-30165 HIGH This Week

Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-5415 HIGH This Week

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-5414 HIGH This Week

A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phpmybackuppro
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-30212 HIGH This Week

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure
NVD GitHub
CVSS 4.0
7.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy