Skip to main content
CVE-2024-41319 CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.5%
CVE-2024-6420 HIGH POC This Week

The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Hide My Wp Ghost
NVD WPScan
CVSS 3.1
8.6
EPSS
1.8%
CVE-2024-6714 HIGH POC PATCH This Week

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Ubuntu Desktop Provision
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-41655 HIGH POC PATCH This Week

TF2 Item Format helps users format TF2 items to the community standards. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-40060 HIGH POC This Week

go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Chart
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-4260 MEDIUM POC This Month

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Coblocks
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-6231 MEDIUM POC This Month

The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Request A Quote
NVD WPScan
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-41665 MEDIUM POC This Month

Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ampache
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-29070 CRITICAL Act Now

On versions before 2.1.4, session is not invalidated after logout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streampark
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-38164 HIGH PATCH This Week

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Groupme
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6717 HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Nomad
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-4081 HIGH This Week

A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Labview
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2024-4080 HIGH This Week

A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Labview
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2024-41668 HIGH This Week

The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Nginx
NVD GitHub
CVSS 3.1
8.3
EPSS
0.6%
CVE-2024-38176 HIGH PATCH This Week

An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Groupme
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-6885 HIGH This Week

The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal PHP WordPress
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-5602 HIGH This Week

A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-4079 HIGH This Week

An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Labview
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-41178 HIGH PATCH This Week

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Arrow
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-6828 HIGH This Week

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress XSS File Upload
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-0981 HIGH This Week

Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari) are vulnerable to cross-site scripting. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google Mozilla
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-7014 HIGH This Week

EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Telegram
NVD
CVSS 4.0
7.1
EPSS
1.4%
CVE-2024-1575 MEDIUM This Month

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Nwa50Ax Firmware Nwa50Ax Pro Firmware Nwa55Axe Firmware +17
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-41012 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created. Rated medium severity (CVSS 6.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-39702 MEDIUM PATCH This Month

In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Openresty
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-41836 MEDIUM This Month

InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-41656 MEDIUM PATCH This Month

Sentry is an error tracking and performance monitoring platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sentry
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-41664 MEDIUM This Month

Canarytokens help track activity and actions on a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Docker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-34128 MEDIUM This Month

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6783 MEDIUM This Month

A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD HeroDevs GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-41663 LOW Monitor

Canarytokens help track activity and actions on a network. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Docker
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-41839 LOW Monitor

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
3.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy