Skip to main content
CVE-2024-5910 CRITICAL POC KEV THREAT Emergency

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Paloalto Expedition
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
91.8%
CVE-2024-6235 CRITICAL POC THREAT Act Now

Sensitive information disclosure in NetScaler Console. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Citrix Netscaler Console
NVD
CVSS 4.0
9.4
EPSS
21.3%
CVE-2024-4879 CRITICAL POC KEV THREAT Act Now

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Servicenow
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
100.0%
CVE-2024-5217 CRITICAL POC KEV THREAT Act Now

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Servicenow
NVD
CVSS 4.0
9.2
EPSS
99.6%
CVE-2024-6037 CRITICAL POC THREAT Act Now

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chuanhuchatgpt
NVD GitHub
CVSS 3.1
9.1
EPSS
10.6%
CVE-2024-6036 CRITICAL POC THREAT Act Now

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chuanhuchatgpt
NVD
CVSS 3.1
9.1
EPSS
10.8%
CVE-2024-37770 CRITICAL POC Act Now

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE 14Finger
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-21524 CRITICAL POC Act Now

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stringbuilder
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-40331 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40334 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40333 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-40329 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-7061 HIGH Act Now

The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

File Upload RCE WordPress File Manager Advanced Shortcode
NVD
CVSS 3.1
8.8
EPSS
15.8%
CVE-2024-6649 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-6646 MEDIUM POC THREAT This Month

A vulnerability was found in Netgear WN604 up to 20240710. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Netgear
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
45.7%
CVE-2024-40328 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-38354 MEDIUM POC This Month

CodiMD allows realtime collaborative markdown notes on all platforms. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codimd
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40336 MEDIUM POC This Month

idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Idccms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25077 CRITICAL Act Now

An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-37113 CRITICAL Act Now

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.26.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-6422 CRITICAL Act Now

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oit700 F113 B12 Cb Firmware Oit500 F113 B12 Cb Firmware Oit200 F113 B12 Cb Firmware Oit1500 F113 B12 Cb Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-7062 HIGH This Week

The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2024-6652 MEDIUM POC This Month

A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gym Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-38353 MEDIUM POC This Month

CodiMD allows realtime collaborative markdown notes on all platforms. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Codimd
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-6650 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-37310 CRITICAL Act Now

EVerest is an EV charging software stack. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%
CVE-2024-6411 HIGH PATCH This Week

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

WordPress Privilege Escalation Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5792 HIGH This Week

The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belong_to’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37149 HIGH This Week

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
21.1%
CVE-2024-40332 HIGH This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-28828 HIGH This Week

Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromize of the site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Checkmk
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36451 HIGH This Week

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Webmin
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-21417 HIGH This Week

Windows Text Services Framework Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-39562 HIGH This Week

A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-39555 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39518 HIGH This Week

A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-3799 HIGH This Week

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which - when visited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
14.6%
CVE-2024-3798 HIGH This Week

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which - when visited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Command Injection
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-3325 HIGH This Week

Vulnerability in Jaspersoft JasperReport Servers.0.4 through 9.0.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jasperreports Server
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-6286 HIGH This Week

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Citrix Microsoft Workspace
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-6151 HIGH This Week

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Citrix Microsoft Virtual Apps And Desktops
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-21525 HIGH This Week

All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
8.3
EPSS
0.5%
CVE-2024-39559 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-39554 HIGH This Week

A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-39927 HIGH This Week

Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-37148 HIGH This Week

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Glpi
NVD GitHub
CVSS 3.1
8.1
EPSS
20.2%
CVE-2024-28827 HIGH This Week

Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Checkmk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38301 HIGH This Week

Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Denial Of Service Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-39565 HIGH PATCH This Week

An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required.

Code Injection Juniper J Web Junos
NVD
CVSS 4.0
7.7
EPSS
0.5%
CVE-2024-32759 HIGH This Week

Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.7
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy