Skip to main content
CVE-2024-29824 HIGH POC KEV THREAT Act Now

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
100.0%
CVE-2024-37032 HIGH POC PATCH THREAT Act Now

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ollama
NVD GitHub
CVSS 3.1
8.8
EPSS
89.6%
CVE-2024-5138 HIGH POC PATCH This Week

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Snapd
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-36844 HIGH POC This Week

libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Libmodbus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-36843 HIGH POC This Week

libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Libmodbus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-4469 HIGH POC This Week

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Wp Staging
NVD WPScan
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-5345 HIGH This Week

The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP LFI Information Disclosure RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34008 HIGH PATCH This Week

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Moodle
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-34007 HIGH PATCH This Week

The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Moodle
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-23316 HIGH This Week

HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2024-29827 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
71.7%
CVE-2024-29826 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
99.9%
CVE-2024-29825 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
99.9%
CVE-2024-29823 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
99.9%
CVE-2024-29822 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
64.4%
CVE-2024-22059 HIGH This Week

A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ivanti Neurons For Itsm
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2024-5525 HIGH This Week

Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Astrotalks
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5523 HIGH This Week

SQL injection vulnerability in Astrotalks affecting version 10/03/2023. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Astrotalks
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-34001 HIGH PATCH This Week

Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Moodle
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-5564 HIGH This Week

A vulnerability was found in libndp. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-5565 HIGH This Week

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Python RCE
NVD
CVSS 3.1
8.1
EPSS
15.0%
CVE-2024-37017 HIGH This Week

asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in libasdcp.so. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-29846 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.0
EPSS
8.5%
CVE-2024-29830 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.0
EPSS
8.5%
CVE-2024-29829 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.0
EPSS
8.2%
CVE-2024-29828 HIGH This Week

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
8.0
EPSS
8.5%
CVE-2024-2793 HIGH This Week

The Visual Website Collaboration, Feedback & Project Management - Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
7.2
EPSS
4.0%
CVE-2024-22058 HIGH This Week

A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Ivanti Endpoint Manager
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2024-36120 HIGH PATCH This Week

javascript-deobfuscator removes common JavaScript obfuscation techniques. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Javascript Deobfuscator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-35142 HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM Security Verify Access Docker
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35140 HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Docker Security Verify Access Docker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34009 HIGH PATCH This Week

Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-5436 HIGH This Week

Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Snapchat Lenscore
NVD
CVSS 4.0
7.3
EPSS
0.5%
CVE-2024-29848 HIGH This Week

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti File Upload Avalanche
NVD
CVSS 3.1
7.2
EPSS
64.4%
CVE-2024-28736 HIGH This Week

An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.1
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy