Skip to main content
CVE-2024-30088 HIGH POC KEV PATCH THREAT Act Now

Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilRig (APT34/Iranian) group for government network compromise.

Windows
NVD GitHub
CVSS 3.1
7.0
EPSS
84.1%
CVE-2024-35250 HIGH POC KEV PATCH THREAT Act Now

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
25.2%
CVE-2024-30085 HIGH POC PATCH THREAT Act Now

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
7.8
EPSS
15.1%
CVE-2024-5699 CRITICAL POC Act Now

In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-5688 HIGH POC This Week

If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-30103 HIGH PATCH Act Now

Microsoft Outlook Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.0%.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel +1
NVD VulDB
CVSS 3.1
8.8
EPSS
15.0%
CVE-2024-2473 MEDIUM POC PATCH THREAT This Month

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.8%.

WordPress Authentication Bypass Wps Hide Login
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
11.8%
CVE-2024-36650 HIGH POC This Week

TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3100R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-36702 HIGH POC This Week

libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libiec61850
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-37301 HIGH POC PATCH This Week

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ssti
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-36821 MEDIUM POC This Month

Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linksys Velop Whw0101 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.9%
CVE-2024-5692 MEDIUM POC This Month

On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Microsoft Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-37161 MEDIUM POC This Month

MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metersphere
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3549 CRITICAL PATCH Act Now

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Blog2Social
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-2013 CRITICAL Act Now

An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Foxman Un Unem
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-30080 CRITICAL PATCH Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +12
NVD
CVSS 3.1
9.8
EPSS
43.1%
CVE-2024-2012 CRITICAL Act Now

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxman Un Unem
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2011 CRITICAL Act Now

A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Denial Of Service Foxman Un +1
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5701 CRITICAL Act Now

Memory safety bugs present in Firefox 126. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-5695 CRITICAL Act Now

If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36360 CRITICAL Act Now

OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-5687 MEDIUM POC This Month

If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Mozilla Firefox
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-34405 CRITICAL Act Now

Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-35213 CRITICAL Act Now

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-31401 CRITICAL Act Now

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-29855 CRITICAL Act Now

Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Recovery Orchestrator
NVD
CVSS 3.0
9.0
EPSS
21.6%
CVE-2024-5847 HIGH This Week

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5845 HIGH This Week

Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5844 HIGH This Week

Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5842 HIGH This Week

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5841 HIGH This Week

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5838 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5837 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5835 HIGH This Week

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5834 HIGH This Week

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5833 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5832 HIGH This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5831 HIGH This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5830 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-35249 HIGH PATCH This Week

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Dynamics 365 Business Central
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2024-32143 HIGH This Week

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Podlove Podcast Publisher
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-30097 HIGH PATCH This Week

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-30078 HIGH PATCH This Week

Windows Wi-Fi Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2024-30068 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-30064 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows Server 2022 Windows Server 2022 23h2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-35292 HIGH This Week

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2024-35716 HIGH This Week

Missing Authorization vulnerability in Copymatic Copymatic - AI Content Writer & Generator.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Copymatic
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28877 HIGH This Week

MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Dicom Viewer
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-33606 HIGH This Week

An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dicom Viewer
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2024-24703 HIGH This Week

Missing Authorization vulnerability in MultiVendorX WC Marketplace.0.25. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.4%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy