Skip to main content
CVE-2024-23692 CRITICAL POC KEV THREAT Emergency

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ssti Http File Server
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.5%
CVE-2024-29824 HIGH POC KEV THREAT Act Now

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
100.0%
CVE-2024-37032 HIGH POC PATCH THREAT Act Now

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ollama
NVD GitHub
CVSS 3.1
8.8
EPSS
89.6%
CVE-2024-31030 CRITICAL POC Act Now

An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Freecoap
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-5138 HIGH POC PATCH This Week

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Snapd
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-36844 HIGH POC This Week

libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Libmodbus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-36843 HIGH POC This Week

libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Libmodbus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-4469 HIGH POC This Week

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Wp Staging
NVD WPScan
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33999 CRITICAL PATCH Act Now

The referrer URL used by MFA required additional sanitizing, rather than being used directly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36108 CRITICAL Act Now

casgate is an Open Source Identity and Access Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36246 CRITICAL Act Now

Missing authorization vulnerability exists in Unifier and Unifier Cast. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32850 CRITICAL Act Now

Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-5176 CRITICAL Act Now

Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.9.4.1 and prior. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-1275 CRITICAL Act Now

Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.52. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.1
EPSS
0.4%
CVE-2024-37018 CRITICAL Act Now

The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-5345 HIGH This Week

The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP LFI Information Disclosure RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34008 HIGH PATCH This Week

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Moodle
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-34007 HIGH PATCH This Week

The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Moodle
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-23316 HIGH This Week

HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2024-29827 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
71.7%
CVE-2024-29826 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
99.9%
CVE-2024-29825 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
99.9%
CVE-2024-29823 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
99.9%
CVE-2024-29822 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
64.4%
CVE-2024-22059 HIGH This Week

A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ivanti Neurons For Itsm
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2024-5525 HIGH This Week

Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Astrotalks
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5523 HIGH This Week

SQL injection vulnerability in Astrotalks affecting version 10/03/2023. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Astrotalks
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-34001 HIGH PATCH This Week

Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Moodle
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-36845 MEDIUM POC This Month

An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libmodbus
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-5564 HIGH This Week

A vulnerability was found in libndp. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-5565 HIGH This Week

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Python RCE
NVD
CVSS 3.1
8.1
EPSS
15.0%
CVE-2024-37017 HIGH This Week

asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in libasdcp.so. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-29846 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.0
EPSS
8.5%
CVE-2024-29830 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.0
EPSS
8.5%
CVE-2024-29829 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.0
EPSS
8.2%
CVE-2024-29828 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.0
EPSS
8.5%
CVE-2024-2793 HIGH This Week

The Visual Website Collaboration, Feedback & Project Management - Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
7.2
EPSS
4.0%
CVE-2024-22058 HIGH This Week

A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Ivanti Endpoint Manager
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2024-36120 HIGH PATCH This Week

javascript-deobfuscator removes common JavaScript obfuscation techniques. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Javascript Deobfuscator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-35142 HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM Security Verify Access Docker
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35140 HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Docker Security Verify Access Docker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34009 HIGH PATCH This Week

Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-5436 HIGH This Week

Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Snapchat Lenscore
NVD
CVSS 4.0
7.3
EPSS
0.5%
CVE-2024-29848 HIGH This Week

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti File Upload Avalanche
NVD
CVSS 3.1
7.2
EPSS
64.4%
CVE-2024-28736 HIGH This Week

An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.1
EPSS
2.5%
CVE-2024-34005 MEDIUM PATCH This Month

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-34004 MEDIUM PATCH This Month

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-34002 MEDIUM PATCH This Month

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-5418 MEDIUM PATCH This Month

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Dethemekit For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-4376 MEDIUM PATCH This Month

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Premium Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy