Skip to main content
CVE-2024-4403 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lollms Webui
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36528 HIGH POC This Week

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Egovernment Nukeviet
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27815 HIGH Act Now

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 24.3% and no vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +5
NVD VulDB
CVSS 3.1
7.8
EPSS
24.3%
CVE-2024-4328 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lollms Web Ui
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-37393 HIGH POC This Week

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Multi Factor Authentication Solutions
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2024-37880 HIGH POC PATCH This Week

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kyber
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27833 HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow Safari Ipados +3
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-27851 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-27820 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-27808 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-37166 HIGH PATCH This Week

ghtml is software that uses tagged templates for template engine functionality. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.9
EPSS
0.4%
CVE-2024-35305 HIGH This Week

Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. Rated high severity (CVSS 8.9). No vendor patch available.

SQLi Pandora Fms
NVD
CVSS 4.0
8.9
EPSS
0.4%
CVE-2024-27855 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure Ipados Iphone Os +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-36418 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-36415 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI RCE PHP Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-36411 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-36410 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-36409 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-36408 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-35741 HIGH This Week

Missing Authorization vulnerability in Awesome Support Team Awesome Support.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Awesome Support
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35727 HIGH This Week

Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Extra Product Options For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35726 HIGH This Week

Missing Authorization vulnerability in ThemeKraft WooBuddy.4.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Buddypress Woocommerce My Account Integration Create Woocommerce Member Pages
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35725 HIGH This Week

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.3.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Element Kit For Elementor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35724 HIGH This Week

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.0.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Bosa Elementor Addons And Templates For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35722 HIGH This Week

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow - Image slider, Gallery slideshow.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Slider Responsive Slideshow
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35721 HIGH This Week

Missing Authorization vulnerability in A WP Life Image Gallery - Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Image Gallery
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35720 HIGH This Week

Missing Authorization vulnerability in A WP Life Album Gallery - WordPress Gallery.5.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Album Gallery
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35717 HIGH This Week

Missing Authorization vulnerability in A WP Life Media Slider - Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Media Slider
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23524 HIGH This Week

Missing Authorization vulnerability in ONTRAPORT Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pilotpress
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22296 HIGH This Week

Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.14.28. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass 12 Step Meeting List
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-21751 HIGH This Week

Missing Authorization vulnerability in RabbitLoader.19.13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rabbitloader
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35306 HIGH This Week

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. Rated high severity (CVSS 8.7). No vendor patch available.

PHP Command Injection Pandora Fms
NVD
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-23299 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2024-5597 HIGH This Week

Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Monitouch V Sft
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2024-34761 HIGH This Week

Vulnerability discovered by executing a planned security audit. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-27857 HIGH This Week

An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-5785 HIGH This Week

Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-27817 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27832 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27836 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27811 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27848 HIGH This Week

This issue was addressed with improved permissions checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27831 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27828 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Tvos +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27801 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-27802 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Information Disclosure Ipados +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-37289 HIGH This Week

An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-36358 HIGH This Week

A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deep Security Agent
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-36305 HIGH This Week

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-36303 HIGH This Week

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy