Skip to main content
CVE-2024-38447 HIGH POC This Week

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Advisor Network
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-40641 HIGH POC PATCH This Week

Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-40492 HIGH POC This Week

Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Heartbeat
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2024-6467 HIGH PATCH This Week

The BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE WordPress Bookingpress
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-6660 HIGH PATCH This Week

The BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Privilege Escalation Bookingpress
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40119 HIGH This Week

Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-28074 HIGH This Week

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
10.9%
CVE-2024-23475 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-23474 HIGH This Week

The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-23471 HIGH This Week

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-23470 HIGH This Week

The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-23469 HIGH This Week

SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
17.9%
CVE-2024-23467 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2024-23466 HIGH This Week

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2024-23465 HIGH This Week

The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-27311 HIGH This Week

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho File Upload Manageengine Ddi Central
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-31411 HIGH PATCH This Week

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache File Upload Streampipes
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-36475 HIGH This Week

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Futurenet Nxr 1300 Firmware Futurenet Nxr 155 C Firmware Futurenet Nxr 610X Firmware Futurenet Nxr G050 Firmware +18
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-39877 HIGH PATCH This Week

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Apache RCE Airflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-28993 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2024-28992 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.3
EPSS
1.9%
CVE-2024-23468 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.3
EPSS
3.4%
CVE-2024-23472 HIGH This Week

SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Access Rights Manager
NVD
CVSS 3.1
8.0
EPSS
18.6%
CVE-2024-20435 HIGH This Week

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Asyncos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20323 HIGH This Week

A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Inode Inode Manager
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-20395 HIGH This Week

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Teams
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-20429 HIGH This Week

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Asyncos
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-20296 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco File Upload Identity Services Engine
NVD
CVSS 3.1
7.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy