Skip to main content
CVE-2024-37840 HIGH POC This Week

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37848 HIGH POC This Week

SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Online Book Store Project
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-37621 HIGH POC This Week

StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Strongshop
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-37896 HIGH PATCH This Week

Gin-vue-admin is a backstage management system based on vue and gin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6045 HIGH This Week

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link
NVD
CVSS 3.1
8.8
EPSS
6.3%
CVE-2024-6080 HIGH This Week

A vulnerability classified as critical was found in Intelbras InControl 2.21.56. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Incontrol
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-5650 HIGH This Week

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-36577 HIGH PATCH This Week

apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-37305 HIGH This Week

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow OpenSSL
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-37158 HIGH PATCH This Week

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Evmos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-36583 HIGH This Week

A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Prototype Pollution RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-36973 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() When auxiliary_device_add() returns error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38449 HIGH This Week

A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.7
EPSS
1.0%
CVE-2024-36581 HIGH This Week

A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-37890 HIGH PATCH This Week

ws is an open source WebSocket client and server for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Node.js Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-37795 HIGH This Week

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the `set-logic` command with specific formatting errors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-37794 HIGH This Week

Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-0397 HIGH This Week

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Python Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy