Skip to main content
CVE-2024-36670 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-36669 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36668 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36667 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36129 HIGH POC PATCH This Week

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Configgrpc Confighttp Opentelemetry Collector
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-36837 HIGH POC This Week

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crmeb
NVD GitHub
CVSS 3.1
7.5
EPSS
8.3%
CVE-2024-4084 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Anythingllm
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23669 HIGH This Week

An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiwebmanager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-4743 HIGH PATCH This Week

The LifterLMS - WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Lifterlms
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5184 HIGH This Week

The EmailGPT service contains a prompt injection vulnerability. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emailgpt
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2024-5629 HIGH PATCH This Week

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Buffer Overflow Information Disclosure Pymongo Debian Linux
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-27379 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27377 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27376 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27375 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27374 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27373 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27372 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27371 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27370 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1662 HIGH This Week

Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Powerbank
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-2087 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-1272 HIGH This Week

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.251.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cockpit
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-28818 HIGH This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Exynos 980 Firmware Exynos 990 Firmware Exynos 1080 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-5037 HIGH PATCH This Week

A flaw was found in OpenShift's Telemeter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openshift Container Platform Openshift Distributed Tracing
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-3667 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-4009 HIGH This Week

Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 2Tma310010B0001 Firmware 2Tma310011B0001 Firmware 2Tma310011B0002 Firmware +2
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-4008 HIGH This Week

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 2Tma310010B0001 Firmware 2Tma310011B0001 Firmware 2Tma310011B0002 Firmware +2
NVD
CVSS 4.0
7.3
EPSS
0.3%
CVE-2024-1940 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27382 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-27378 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy