Skip to main content
CVE-2024-39023 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-39022 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-34361 HIGH POC PATCH This Week

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Pi Hole
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2024-37769 HIGH POC This Week

Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation 14Finger
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37767 HIGH POC This Week

Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows attackers to access all user information via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 14Finger
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-39027 HIGH POC This Week

SeaCMS v12.9 has an unauthorized SQL injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seacms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-27713 HIGH This Week

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the HTTP Response Header Settings component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Eskooly
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-27711 HIGH This Week

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Eskooly
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-37903 HIGH PATCH This Week

Mastodon is a self-hosted, federated microblogging platform. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Mastodon
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-27715 HIGH This Week

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Eskooly
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-39696 HIGH PATCH This Week

Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos Network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Evmos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-39480 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-39479 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/i915/hwmon: Get rid of devm When both hwmon and hwmon drvdata (on which hwmon depends) are device managed resources, the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-39182 HIGH This Week

An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33862 HIGH PATCH This Week

A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-5753 HIGH This Week

vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Python
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-39689 HIGH PATCH This Week

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mozilla Certifi Management Services For Element Software And Netapp Hci Ontap Select Deploy Administration Utility +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-39321 HIGH PATCH This Week

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Traefik
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39210 HIGH This Week

Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Best House Rental Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-39687 HIGH PATCH This Week

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy