Skip to main content
CVE-2024-24551 HIGH POC This Week

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Bludit
NVD
CVSS 4.0
8.9
EPSS
0.8%
CVE-2024-24550 HIGH POC This Week

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Bludit
NVD
CVSS 4.0
8.9
EPSS
0.7%
CVE-2024-6293 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6292 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6290 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37677 HIGH POC This Week

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Access Management Specialist
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-36683 HIGH POC This Week

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2024-34992 HIGH This Week

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-37109 HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.26.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wishlist Member
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37107 HIGH This Week

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.26.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Wishlist Member X
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-37092 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Consulting Elementor Widgets
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37091 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Consulting Elementor Widgets
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-38384 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-38373 HIGH This Week

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Freertos Plus Tcp
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-6287 HIGH PATCH This Week

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Rcar Gen3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4748 HIGH This Week

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Cruddiy
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-39291 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38667 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38664 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-36495 HIGH This Week

The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file:. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-5862 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-36682 HIGH This Week

In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-34991 HIGH This Week

In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33687 HIGH This Week

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nj101 1000 Firmware Nj101 1020 Firmware Nj101 9000 Firmware Nj101 9020 Firmware +51
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-37111 HIGH This Week

Missing Authorization vulnerability in Membership Software WishList Member X.26.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wishlist Member X
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-36496 HIGH This Week

The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-34027 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock It needs to cover. Rated high severity (CVSS 7.0). This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Checkpoint Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy