Skip to main content
CVE-2024-4757 HIGH POC This Week

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Logo Manager For Enamad
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-4498 HIGH POC This Week

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Path Traversal Lollms Web Ui
NVD
CVSS 3.0
7.7
EPSS
0.5%
CVE-2024-38952 HIGH POC This Week

PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-5216 HIGH POC PATCH This Week

A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Anythingllm
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-21827 HIGH POC This Week

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link RCE Er7206 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-5431 HIGH This Week

The WPCafe - Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP LFI Wpcafe
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-5015 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-38516 HIGH PATCH This Week

ai-client-html is an Aimeos e-commerce HTML client component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5008 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Whatsup Gold
NVD
CVSS 3.1
8.8
EPSS
17.3%
CVE-2024-6257 HIGH PATCH This Week

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Hashicorp Command Injection Go Getter
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6303 HIGH This Week

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Conduit
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-4639 HIGH This Week

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Oncell G3470A Lte Us T Firmware Oncell G3470A Lte Eu Firmware Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Us Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-4638 HIGH This Week

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Eu Firmware Oncell G3470A Lte Us Firmware Oncell G3470A Lte Us T Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5990 HIGH This Week

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Thinmanager Thinserver
NVD
CVSS 4.0
8.7
EPSS
2.3%
CVE-2024-5012 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Whatsup Gold
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-37855 HIGH This Week

An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-5009 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Whatsup Gold
NVD
CVSS 3.1
8.4
EPSS
15.0%
CVE-2024-37742 HIGH This Week

Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-4640 HIGH This Week

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Oncell G3470A Lte Us T Firmware Oncell G3470A Lte Eu Firmware Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Us Firmware
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-39463 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-37007 HIGH This Week

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37006 HIGH This Week

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37005 HIGH This Week

A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Advance Steel Civil 3D +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37004 HIGH This Week

A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37003 HIGH This Week

A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Stack Overflow RCE Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-36999 HIGH This Week

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23159 HIGH This Week

A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Autocad Autocad Architecture Autocad Electrical Autocad Map 3D +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23158 HIGH This Week

A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Autocad Map 3D Autocad Mechanical +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23157 HIGH This Week

A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23156 HIGH This Week

A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23155 HIGH This Week

A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23154 HIGH This Week

A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23153 HIGH This Week

A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23152 HIGH This Week

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23151 HIGH This Week

A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23150 HIGH This Week

A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37002 HIGH This Week

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Autocad Autocad Architecture Autocad Electrical Autocad Map 3D +5
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37001 HIGH This Week

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37000 HIGH This Week

A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23149 HIGH This Week

A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23148 HIGH This Week

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23147 HIGH This Week

A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23146 HIGH This Week

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23145 HIGH This Week

A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23144 HIGH This Week

A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23143 HIGH This Week

A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Map 3D Autocad Mechanical +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23142 HIGH This Week

A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23141 HIGH This Week

A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Autocad Autocad Architecture Autocad Electrical Autocad Map 3D +5
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23140 HIGH This Week

A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-5019 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Whatsup Gold
NVD
CVSS 3.1
7.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy