Skip to main content
CVE-2024-6387 HIGH POC PATCH THREAT Act Now

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to exploit a signal handler race condition by failing to authenticate within the LoginGraceTime window, potentially yielding root-level code execution on glibc-based Linux systems. The flaw - widely known as 'regreSSHion' - affects numerous distributions and vendor appliances including Ubuntu 23.10/24.04, AlmaLinux 9, SonicWall SMA firmware, Arista EOS, NetApp ONTAP, and others. Publicly available exploit code exists and EPSS scores it at 48.06% (98th percentile), reflecting very high exploitation likelihood, though it is not currently listed in CISA KEV.

Information Disclosure SSH Sma 6200 Firmware Sma 7200 Firmware Eos +51
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
48.1%
Threat
4.6
CVE-2024-36401 CRITICAL POC KEV PATCH THREAT Act Now

GeoServer is an open source server that allows users to share and edit geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Geoserver Geotools
NVD GitHub
CVSS 3.1
9.8
EPSS
99.8%
CVE-2024-36985 HIGH POC Act Now

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Splunk
NVD
CVSS 3.1
8.8
EPSS
6.5%
CVE-2024-38366 CRITICAL POC THREAT Act Now

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trunk Cocoapods Org
NVD GitHub
CVSS 3.1
10.0
EPSS
17.8%
CVE-2024-39251 CRITICAL POC Act Now

An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-37762 CRITICAL POC Act Now

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Machform
NVD GitHub
CVSS 3.1
9.9
EPSS
1.5%
CVE-2024-28200 CRITICAL POC Act Now

The N-central server is vulnerable to an authentication bypass of the user interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass N Central
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-39236 CRITICAL POC Act Now

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Gradio
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38996 CRITICAL POC PATCH Act Now

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Ag Grid
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-38993 CRITICAL POC Act Now

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Denial Of Service Jsonic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38367 CRITICAL POC PATCH THREAT Act Now

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trunk Cocoapods Org
NVD GitHub
CVSS 3.1
9.6
EPSS
11.1%
CVE-2024-37765 HIGH POC This Week

Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Machform
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-4007 HIGH POC This Week

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +10
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
1.5%
CVE-2024-32229 HIGH POC This Week

FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Ffmpeg
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-32230 HIGH POC This Week

FFmpeg 7.0 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-36991 HIGH POC THREAT This Week

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Path Traversal Microsoft
NVD
CVSS 3.1
7.5
EPSS
13.1%
CVE-2024-36421 HIGH POC This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Flowise
NVD GitHub
CVSS 3.1
7.5
EPSS
8.5%
CVE-2024-36420 HIGH POC This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flowise
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-38994 HIGH POC This Week

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Common
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-32228 MEDIUM POC This Month

FFmpeg 7.0 is vulnerable to Buffer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ffmpeg
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-36990 MEDIUM POC This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-39853 MEDIUM POC This Month

adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Swiper
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-38997 MEDIUM POC This Month

adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Swiper
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-39002 MEDIUM POC This Month

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Denial Of Service Jsonic
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-39001 MEDIUM POC PATCH This Month

ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Ag Grid Ag Charts
NVD GitHub
CVSS 3.1
6.3
EPSS
0.8%
CVE-2024-37146 MEDIUM POC This Month

Flowise is a drag & drop user interface to build a customized large language model flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flowise
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-37145 MEDIUM POC This Month

Flowise is a drag & drop user interface to build a customized large language model flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flowise
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-36423 MEDIUM POC This Month

Flowise is a drag & drop user interface to build a customized large language model flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flowise
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-36422 MEDIUM POC This Month

Flowise is a drag & drop user interface to build a customized large language model flow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flowise
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-38953 MEDIUM POC This Month

phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpok
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-39008 CRITICAL PATCH Act Now

robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-38999 CRITICAL PATCH Act Now

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-39309 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Node.js
NVD GitHub
CVSS 3.1
9.8
EPSS
20.2%
CVE-2024-38513 CRITICAL PATCH Act Now

Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Session Fixation Fiber
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-6376 CRITICAL PATCH Act Now

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling.42.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Compass
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-39017 CRITICAL Act Now

agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Denial Of Service
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39015 CRITICAL Act Now

cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Denial Of Service
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39014 CRITICAL Act Now

ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39013 CRITICAL Act Now

2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-20080 CRITICAL Act Now

In gnss service, there is a possible escalation of privilege due to improper certificate validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Yocto Rdk B Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-20078 CRITICAL Act Now

In venc, there is a possible out of bounds write due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-4934 MEDIUM POC This Month

The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz And Survey Master
NVD WPScan
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-37764 MEDIUM POC This Month

MachForm up to version 19 is affected by an authenticated stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Machform
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-37763 MEDIUM POC This Month

MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Machform
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-36993 MEDIUM POC This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-38368 CRITICAL PATCH Act Now

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Trunk Cocoapods Org
NVD GitHub
CVSS 3.1
9.3
EPSS
14.9%
CVE-2024-6419 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Medicine Tracker System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5322 CRITICAL Act Now

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass N Central
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39305 CRITICAL PATCH Act Now

Envoy is a cloud-native, open source edge and service proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-21456 CRITICAL PATCH Act Now

Information Disclosure while parsing beacon frame in STA. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Fastconnect 7800 Firmware Qam8255p Firmware +39
NVD
CVSS 3.1
9.1
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy