Skip to main content
CVE-2024-6425 CRITICAL Act Now

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mesbook
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-23736 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-36984 HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Splunk Microsoft
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-36983 HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Splunk Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-38992 HIGH This Week

airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-38991 HIGH This Week

akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-6130 MEDIUM POC This Month

The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Form Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-6424 HIGH This Week

External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Mesbook
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-36997 HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-39016 HIGH This Week

che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-20399 MEDIUM KEV THREAT This Month

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary commands as root on the underlying operating system of an affected device.

NVD
CVSS 3.1
6.0
EPSS
0.8%
CVE-2024-23380 HIGH PATCH This Week

Memory corruption while handling user packets during VBO bind operation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6200 Firmware Fastconnect 6700 Firmware +102
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23373 HIGH PATCH This Week

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware Aqt1000 Firmware +218
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23372 HIGH PATCH This Week

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +106
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23368 HIGH PATCH This Week

Memory corruption when allocating and accessing an entry in an SMEM partition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +337
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21482 HIGH PATCH This Week

Memory corruption during the secure boot process, when the `bootm` command is used, it bypasses the authentication of the kernel/rootfs image. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Csr8811 Firmware Immersive Home 214 Platform Firmware Immersive Home 216 Platform Firmware Immersive Home 316 Platform Firmware +65
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21469 HIGH This Week

Memory corruption when an invoke call and a TEE call are bound for the same trusted application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +219
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21465 HIGH This Week

Memory corruption while processing key blob passed by the user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +253
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21461 HIGH This Week

Memory corruption while performing finish HMAC operation when context is freed by keymaster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Apq8017 Firmware Apq8037 Firmware +307
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0153 HIGH This Week

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 5Th Gen Gpu Architecture Firmware Valhall Gpu Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-39249 HIGH This Week

Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-37298 HIGH PATCH This Week

gorilla/schema converts structs to and from form values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-36982 HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Splunk Cloud
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21586 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series and NFX Series allows an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21466 HIGH PATCH This Week

Information disclosure while parsing sub-IE length during new IE generation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Fastconnect 7800 Firmware Immersive Home 3210 Platform Firmware Immersive Home 326 Platform Firmware +61
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-21458 HIGH PATCH This Week

Information disclosure while handling SA query action frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Csr8811 Firmware Fastconnect 7800 Firmware +108
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-21457 HIGH PATCH This Week

INformation disclosure while handling Multi-link IE in beacon frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Csr8811 Firmware Fastconnect 7800 Firmware +108
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-24749 HIGH PATCH This Week

GeoServer is an open source server that allows users to share and edit geospatial data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Tomcat Path Traversal Apache Microsoft Geoserver
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-20077 HIGH This Week

In Modem, there is a possible system crash due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Lr12a
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20076 HIGH This Week

In Modem, there is a possible system crash due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Lr12a
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-39003 HIGH This Week

amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service Common
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-3123 HIGH This Week

CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-20081 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20079 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-36987 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk File Upload Cloud
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6375 MEDIUM PATCH This Month

A command for refining a collection shard key is missing an authorization check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-21460 MEDIUM This Month

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm8550 Firmware Qcs8550 Firmware +10
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-39000 MEDIUM This Month

adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service Swiper
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-39018 MEDIUM This Month

harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-38990 MEDIUM This Month

Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Denial Of Service
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-38987 MEDIUM This Month

aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-39430 MEDIUM This Month

In faceid servive, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-39429 MEDIUM This Month

In faceid servive, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-36986 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk Cloud
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-21462 MEDIUM This Month

Transient DOS while loading the TA ELF file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware +305
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39310 MEDIUM This Month

The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `post_title` parameter in versions up to, and including, 2.0.4 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-23737 MEDIUM This Month

Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian S Notify
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-39303 MEDIUM PATCH This Month

Weblate is a web based localization tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Weblate
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36994 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36992 MEDIUM This Month

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Splunk Splunk Cloud Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy