Skip to main content
CVE-2024-36728 HIGH POC This Week

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Tew 827Dru Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
5.2%
CVE-2024-36569 HIGH POC This Week

Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP Gas Agency Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-32983 HIGH POC PATCH This Week

Misskey is an open source, decentralized microblogging platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Misskey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-36128 HIGH POC PATCH This Week

Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Directus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-36127 HIGH POC PATCH This Week

apko is an apk-based OCI image builder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-23668 HIGH This Week

An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiwebmanager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-23670 HIGH This Week

An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiwebmanager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23667 HIGH This Week

An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiwebmanager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23665 HIGH This Week

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiweb
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-23360 HIGH This Week

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-36963 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35630 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LJ Apps WP TripAdvisor Review Slider allows Blind SQL Injection.6. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-4540 HIGH PATCH This Week

A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-23363 HIGH This Week

Transient DOS while processing an improperly formatted Fine Time Measurement (FTM) management frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +120
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20066 HIGH This Week

In modem, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Nr16 Nr17
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-34794 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainacan tainacan.21.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-35631 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foliovision FV Flowplayer Video Player allows Reflected XSS.5.45.7212. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-36960 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy