Skip to main content
CVE-2024-37626 HIGH POC This Week

A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE A6000R Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-6189 HIGH POC This Week

A vulnerability was found in Tenda A301 15.13.08.12. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow A301 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-37818 HIGH POC This Week

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Strapi
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-37899 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Atlassian Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-29390 HIGH POC This Week

Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Daily Expenses Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-3562 HIGH This Week

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP WordPress Code Injection Custom Field Suite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-3561 HIGH This Week

The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Custom Field Suite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-5605 HIGH This Week

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Media Library Assistant
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-37532 HIGH This Week

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jwt Attack Information Disclosure Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-6102 HIGH This Week

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-6100 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-35246 HIGH This Week

An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure L210 F2G Lynx Firmware
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-32943 HIGH This Week

An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure L210 F2G Firmware
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-37676 HIGH This Week

An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-6153 HIGH This Week

Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6147 HIGH This Week

Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Poly Plantronics Hub
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-6162 HIGH PATCH This Week

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-29012 HIGH This Week

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28147 HIGH This Week

An authenticated user can upload arbitrary files in the upload function for collection preview images. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Denial Of Service File Upload
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2024-5746 HIGH This Week

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-3597 HIGH This Week

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Open Redirect Export Wp Page To Static Html Css
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy