Skip to main content
CVE-2024-38458 HIGH POC PATCH This Week

Xenforo before 2.2.16 allows code injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Xenforo
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-38457 HIGH POC PATCH This Week

Xenforo before 2.2.16 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Xenforo
NVD
CVSS 3.1
8.8
EPSS
7.4%
CVE-2024-38427 HIGH This Week

In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-38459 HIGH PATCH This Week

langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Langchain Experimental
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38467 HIGH This Week

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synthesis Image System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38461 HIGH This Week

irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Irods
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy