Skip to main content
CVE-2024-5736 HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla!. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF PHP Admirorframes
NVD GitHub
CVSS 4.0
8.2
EPSS
1.2%
CVE-2024-5712 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Devika
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2024-27628 HIGH POC PATCH This Week

Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow RCE Dcmtk
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-38514 HIGH POC This Week

NextChat is a cross-platform ChatGPT/Gemini UI. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.4
EPSS
2.2%
CVE-2024-6403 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow A301 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
1.0%
CVE-2024-6402 HIGH POC This Week

A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow A301 Firmware
NVD VulDB GitHub
CVSS 4.0
7.1
EPSS
1.0%
CVE-2024-37905 HIGH This Week

authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-31912 HIGH This Week

IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Mq
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-27629 HIGH This Week

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37370 HIGH PATCH This Week

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kerberos 5
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-38525 HIGH This Week

dd-trace-cpp is the Datadog distributed tracing for C++. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38528 HIGH PATCH This Week

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-38322 HIGH This Week

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35116 HIGH This Week

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-38374 HIGH PATCH This Week

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31919 HIGH This Week

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-30135 HIGH This Week

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dryice Aex
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39350 HIGH This Week

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Synology Tc500 Firmware Bc500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-39348 HIGH This Week

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Synology Router Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-30111 HIGH This Week

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dryice Aex
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39351 HIGH This Week

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Synology Bc500 Firmware Tc500 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-38532 HIGH This Week

The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-39708 HIGH This Week

An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy