Skip to main content
CVE-2024-37081 HIGH POC Act Now

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Vcenter Server Cloud Foundation
NVD
CVSS 3.1
7.8
EPSS
5.0%
CVE-2024-38348 HIGH POC This Week

CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Health Care Hospital Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38347 HIGH POC This Week

CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Health Care Hospital Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37802 HIGH POC This Week

CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Health Care Hospital Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37821 HIGH PATCH This Week

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection File Upload RCE Dolibarr Erp Crm
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-38276 HIGH PATCH This Week

Incorrect CSRF token checks resulted in multiple CSRF risks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Fedora Moodle
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-33620 HIGH This Week

Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-38506 HIGH This Week

In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-36974 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-22002 HIGH This Week

CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-5275 HIGH This Week

A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-5527 HIGH This Week

The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE WordPress Business Directory
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-38275 HIGH PATCH This Week

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38505 HIGH This Week

In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy