Skip to main content
CVE-2024-5820 HIGH POC This Week

An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SSRF Devika
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-39158 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-39154 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5885 HIGH POC This Week

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Quivr
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-39134 HIGH POC This Week

A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Zziplib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-6250 HIGH POC This Week

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Lollms Web Ui
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2024-6090 HIGH POC This Week

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Chuanhuchatgpt
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2024-6038 HIGH POC This Week

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chuanhuchatgpt
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2024-5979 HIGH POC This Week

In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Denial Of Service H2O
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2024-5548 HIGH POC PATCH This Week

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Path Traversal Devika
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2024-5547 HIGH POC PATCH This Week

A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Devika
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2024-5334 HIGH POC PATCH This Week

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Devika
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2024-6054 HIGH This Week

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress RCE Auto Featured Image
NVD
CVSS 3.1
8.8
EPSS
6.9%
CVE-2024-5655 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.8
EPSS
7.5%
CVE-2024-6085 HIGH This Week

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2024-4578 HIGH This Week

This Advisory describes an issue that impacts Arista Wireless Access Points. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-39207 HIGH This Week

lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-39130 HIGH This Week

A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-38523 HIGH This Week

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass XSS CSRF
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-3043 HIGH This Week

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31916 HIGH This Week

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Openbmc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-24792 HIGH PATCH This Week

Parsing a corrupt or malicious image with invalid color indices can cause a panic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-6323 HIGH This Week

Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-5824 HIGH PATCH This Week

A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.0
7.4
EPSS
0.4%
CVE-2024-4395 HIGH This Week

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Apple
NVD GitHub
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-6139 HIGH This Week

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2024-36074 HIGH This Week

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-36073 HIGH This Week

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy