Skip to main content
CVE-2024-37665 HIGH POC This Week

An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gb28181
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34065 HIGH POC PATCH This Week

Strapi is an open-source content management system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Strapi
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-36263 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Apache Submarine
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-5211 HIGH POC PATCH This Week

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Denial Of Service Anythingllm
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-4845 HIGH PATCH This Week

The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Icegram Express
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-37038 HIGH PATCH This Week

user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Sage Rtu Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-25949 HIGH PATCH This Week

Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dell Networking Os10
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-2698 HIGH This Week

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Freeipa
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3468 HIGH This Week

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 4.0
8.4
EPSS
0.4%
CVE-2024-5543 HIGH This Week

The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-37040 HIGH PATCH This Week

exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Sage Rtu Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-37037 HIGH PATCH This Week

Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sage Rtu Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-37300 HIGH PATCH This Week

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-5154 HIGH PATCH This Week

A flaw was found in cri-o. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cri O Openshift Container Platform
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-3183 HIGH This Week

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Enterprise Linux Aus Enterprise Linux Eus Enterprise Linux Tus +1
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2024-2747 HIGH This Week

cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Easergy Studio
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0865 HIGH This Week

escalation when logged in as a non-administrative user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure It Gateway
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-28964 HIGH This Week

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Dell Common Event Enabler
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-36856 HIGH This Week

RMQTT Broker 0.4.0 is vulnerable to Denial of Service (DoS) due to improper session resource management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-5798 HIGH PATCH This Week

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-5560 HIGH PATCH This Week

device’s web interface when an attacker sends a specially crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Sage Rtu Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-37039 HIGH PATCH This Week

device when an attacker sends a specially crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sage Rtu Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-3467 HIGH This Week

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Pi Asset Framework Client
NVD
CVSS 4.0
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy