Skip to main content
CVE-2024-22296 HIGH This Week

Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.14.28. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass 12 Step Meeting List
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-21751 HIGH This Week

Missing Authorization vulnerability in RabbitLoader.19.13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rabbitloader
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35306 HIGH This Week

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. Rated high severity (CVSS 8.7). No vendor patch available.

PHP Command Injection Pandora Fms
NVD
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-23299 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2024-5597 HIGH This Week

Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Monitouch V Sft
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2024-34761 HIGH This Week

Vulnerability discovered by executing a planned security audit. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-27857 HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-5785 HIGH This Week

Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-27817 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27832 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27836 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27811 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27848 HIGH This Week

This issue was addressed with improved permissions checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27831 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27828 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Tvos +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27801 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27802 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Information Disclosure Ipados +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-37289 HIGH This Week

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-36358 HIGH This Week

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deep Security Agent
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-36305 HIGH This Week

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-36303 HIGH This Week

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-36302 HIGH This Week

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-32849 HIGH This Week

Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Maximum Security 2022 Maximum Security 2023
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-34332 HIGH This Week

An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26507 HIGH This Week

An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-36971 HIGH KEV PATCH THREAT This Week

In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
2.7%
CVE-2024-34800 HIGH This Week

Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-36471 HIGH This Week

Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Allura
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-36416 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suitecrm
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-22279 HIGH This Week

Improper handling of requests in Routing Release > v0.273.0 and <= v0.297.0 allows an unauthenticated attacker to degrade the service availability of the Cloud Foundry deployment if performed at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Cf Deployment Routing Release
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35745 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Strategery Migrations
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-37051 HIGH This Week

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aqua Clion Datagrip Dataspell +9
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2024-36972 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-36405 HIGH PATCH This Week

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Liboqs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28833 HIGH This Week

Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-5102 HIGH This Week

A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. Rated high severity (CVSS 7.3). No vendor patch available.

Information Disclosure Microsoft Antivirus
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-4744 HIGH This Week

Missing Authorization vulnerability in Avirtum iPages Flipbook.5.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ipages Flipbook
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-35742 HIGH This Week

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.9.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easy Forms For Mailchimp
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-36304 HIGH This Week

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-27838 MEDIUM This Month

The issue was addressed by adding additional logic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-27830 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-27850 MEDIUM This Month

This issue was addressed with improvements to the noise injection algorithm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-27812 MEDIUM This Month

A logic issue was addressed with improved file handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Visionos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-27800 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-36414 MEDIUM This Month

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-36407 MEDIUM This Month

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-35754 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ovic Importer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-35744 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Upunzipper
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-35743 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sc Filechecker
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-35474 MEDIUM This Month

A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy