Skip to main content
CVE-2024-38396 CRITICAL POC PATCH Act Now

An issue was discovered in iTerm2 3.5.x before 3.5.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Iterm2
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-34451 CRITICAL POC Act Now

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghost
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-38468 CRITICAL Act Now

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synthesis Image System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38466 CRITICAL Act Now

Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synthesis Image System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38462 CRITICAL PATCH Act Now

iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Irods
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38395 CRITICAL PATCH Act Now

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Iterm2
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-38448 CRITICAL Act Now

htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-38428 CRITICAL PATCH Act Now

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wget
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy