Skip to main content
CVE-2024-38396 CRITICAL POC PATCH Act Now

An issue was discovered in iTerm2 3.5.x before 3.5.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Iterm2
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-34451 CRITICAL POC Act Now

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghost
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-38458 HIGH POC PATCH This Week

Xenforo before 2.2.16 allows code injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Xenforo
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-38457 HIGH POC PATCH This Week

Xenforo before 2.2.16 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Xenforo
NVD
CVSS 3.1
8.8
EPSS
7.4%
CVE-2024-38460 MEDIUM POC PATCH This Month

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sonarqube
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-38468 CRITICAL Act Now

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synthesis Image System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38466 CRITICAL Act Now

Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synthesis Image System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38462 CRITICAL PATCH Act Now

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Irods
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38395 CRITICAL PATCH Act Now

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Iterm2
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-6041 MEDIUM POC This Month

A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gym Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6039 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Feng Office 3.11.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft Feng Office
NVD VulDB Exploit-DB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-38448 CRITICAL Act Now

htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-38428 CRITICAL PATCH Act Now

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wget
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-38427 HIGH This Week

In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-38459 HIGH PATCH This Week

langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Langchain Experimental
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38467 HIGH This Week

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synthesis Image System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38461 HIGH This Week

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Irods
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38443 MEDIUM This Month

C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-38454 MEDIUM PATCH This Month

ExpressionEngine before 7.4.11 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Expressionengine
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36397 MEDIUM This Month

Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediaaccess Dga2232 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38465 MEDIUM This Month

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synthesis Image System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-38394 MEDIUM This Month

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linux
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy