Skip to main content
CVE-2024-36597 HIGH POC This Week

Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Life Insurance Management System
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2024-24320 HIGH POC This Week

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Cloudpanel
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-37645 HIGH POC This Week

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-37643 HIGH POC This Week

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-37641 HIGH POC This Week

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37644 HIGH POC This Week

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37640 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37639 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2024 HIGH Act Now

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.1% and no vendor patch available.

RCE WordPress Path Traversal
NVD
CVSS 3.1
8.8
EPSS
17.1%
CVE-2024-33377 HIGH POC This Week

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bl W1210M Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-5995 HIGH This Week

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3497 HIGH This Week

Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3496 HIGH This Week

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-4404 HIGH This Week

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Elementskit
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-37369 HIGH This Week

A privilege escalation vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Factorytalk View
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-36459 HIGH This Week

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
8.4
EPSS
0.4%
CVE-2024-27169 HIGH This Week

Toshiba printers provides API without authentication for internal access. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-5659 HIGH This Week

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Controllogix 5580 Firmware Guardlogix 5580 Firmware 1756 En4 Firmware +3
NVD
CVSS 4.0
8.3
EPSS
0.3%
CVE-2024-37368 HIGH This Week

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Factorytalk View
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-37367 HIGH This Week

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Factorytalk View
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-36598 HIGH This Week

An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE File Upload
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-37882 HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-34694 HIGH PATCH This Week

LNbits is a Lightning wallet and accounts system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-5685 HIGH PATCH This Week

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.6.17 through v6.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Snipe It
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-37885 HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Nextcloud RCE Apple Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-3498 HIGH This Week

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-27165 HIGH This Week

Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27155 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-5551 HIGH PATCH This Week

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF Wp Staging
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-37313 HIGH PATCH This Week

Nextcloud server is a self hosted personal cloud system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-27171 HIGH This Week

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation RCE Python
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-27170 HIGH This Week

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-27167 HIGH This Week

Toshiba printers use Sendmail to send emails to recipients. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27166 HIGH This Week

Coredump binaries in Toshiba printers have incorrect permissions. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27158 HIGH This Week

All the Toshiba printers share the same hardcoded root password. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-27153 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27152 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27151 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-27150 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27149 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27148 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27147 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-1094 HIGH This Week

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-31163 HIGH This Week

ASUS Download Master has a buffer overflow vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-31162 HIGH This Week

The specific function parameter of ASUS Download Master does not properly filter user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-31161 HIGH This Week

The upload functionality of ASUS Download Master does not properly filter user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Download Master
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-27178 HIGH This Week

An attacker can get Remote Code Execution by overwriting files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-27177 HIGH This Week

An attacker can get Remote Code Execution by overwriting files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-27176 HIGH This Week

An attacker can get Remote Code Execution by overwriting files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-3079 HIGH This Week

Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
7.2
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy