Skip to main content
CVE-2024-39202 HIGH POC This Week

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823X Ax3000 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-39701 HIGH POC PATCH This Week

Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Directus
NVD GitHub
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-6227 HIGH POC This Week

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Aim
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31504 HIGH POC This Week

Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remtoe attacker to cause a denial of service via the LINUXTCP server component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Freemodbus
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-25639 HIGH POC PATCH This Week

Khoj is an application that creates personal AI agents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Khoj
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39895 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-39203 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Z Blogphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-5711 MEDIUM POC PATCH This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Devika
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1305 CRITICAL Act Now

tap-windows6 driver version 9.26 and earlier does not properly check the size data of incomming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Tap Windows6
NVD
CVSS 3.1
9.8
EPSS
15.4%
CVE-2024-39677 CRITICAL PATCH Act Now

NHibernate is an object-relational mapper for the .NET framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Nhibernate Core
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-39742 CRITICAL Act Now

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Mq Operator
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-27903 CRITICAL Act Now

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Openvpn
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2024-39896 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-39699 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Directus
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-37999 HIGH This Week

A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Medicalis Workflow Orchestrator
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-27459 HIGH This Week

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Openvpn
NVD
CVSS 3.1
7.8
EPSS
8.3%
CVE-2024-38330 HIGH This Week

IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-5971 HIGH PATCH This Week

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-23562 HIGH This Week

A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-39743 HIGH This Week

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect memory de-allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq Operator
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-24974 HIGH This Week

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openvpn
NVD
CVSS 3.1
7.5
EPSS
9.8%
CVE-2024-21778 HIGH This Week

A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Rtl819X Jungle Software Development Kit Wbr 6013 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-6409 HIGH This Week

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE SSH
NVD GitHub
CVSS 3.1
7.0
EPSS
27.9%
CVE-2024-6564 MEDIUM PATCH This Month

Buffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Arm Trusted Firmware
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-6563 MEDIUM PATCH This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Arm Trusted Firmware
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-4341 MEDIUM This Month

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Extreme Xds
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-34603 MEDIUM This Month

Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-34602 MEDIUM This Month

Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-39308 MEDIUM PATCH This Month

RailsAdmin is a Rails engine that provides an interface for managing data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rails Admin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-37389 MEDIUM PATCH This Month

Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Nifi
NVD
CVSS 3.1
5.4
EPSS
24.0%
CVE-2024-37528 MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Business Automation
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3653 MEDIUM PATCH This Month

A vulnerability was found in Undertow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2024-4882 MEDIUM This Month

The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6163 MEDIUM This Month

Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Checkmk
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-39723 MEDIUM This Month

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Virtualize
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-31897 MEDIUM This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-6580 LOW Monitor

The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ipworks Ssh
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2024-38372 LOW PATCH Monitor

Undici is an HTTP/1.1 client, written from scratch for Node.js. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. No vendor patch available.

Node.js Information Disclosure
NVD GitHub
CVSS 3.1
2.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy