Skip to main content
CVE-2024-41461 CRITICAL POC Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-41460 CRITICAL POC Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-41459 CRITICAL POC Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-41551 CRITICAL POC Act Now

CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-41662 CRITICAL POC PATCH Act Now

VNote is a note-taking platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Vnote
NVD GitHub
CVSS 3.1
9.6
EPSS
1.7%
CVE-2024-40422 CRITICAL POC THREAT Act Now

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Devika
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
11.4%
CVE-2024-36538 HIGH POC This Week

Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Chaos Mesh
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-41667 HIGH POC PATCH This Week

OpenAM is an open access management solution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2024-40495 HIGH POC This Week

A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Linksys RCE E2500 Firmware
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-41466 HIGH POC This Week

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41465 HIGH POC This Week

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41464 HIGH POC This Week

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41463 HIGH POC This Week

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-41462 HIGH POC This Week

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41672 HIGH POC PATCH This Week

DuckDB is a SQL database management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Duckdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-41550 HIGH POC This Week

CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_invoice_items.php?id= . Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-7080 MEDIUM POC This Month

A vulnerability was found in SourceCodester Insurance Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insurance Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2024-7066 MEDIUM POC This Month

A vulnerability was found in F-logic DataCube3 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Datacube3 Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
3.4%
CVE-2024-7065 MEDIUM POC This Month

A vulnerability was found in Spina CMS up to 2.18.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spina
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-41666 MEDIUM POC PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-40767 MEDIUM POC This Month

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Information Disclosure Nova
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-6753 MEDIUM POC This Month

The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Social Auto Poster
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-36535 CRITICAL Act Now

Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Meshery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36533 CRITICAL PATCH Act Now

Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36536 CRITICAL Act Now

Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Fabedge
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36540 CRITICAL Act Now

Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure External Secrets Operator
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-36539 CRITICAL Act Now

Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Contour
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-6327 CRITICAL Act Now

In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Report Server
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-6096 CRITICAL Act Now

In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Telerik Reporting
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-7081 MEDIUM POC This Month

A vulnerability was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7069 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0.php?f=delete_department. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7068 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Insurance Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Insurance Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7067 MEDIUM POC PATCH This Month

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization PHP Ecommerce Laravel Bootstrap
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-41914 CRITICAL Act Now

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-5067 MEDIUM POC This Month

An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-41136 HIGH This Week

An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-36541 HIGH This Week

Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Logging Operator
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-31970 HIGH This Week

AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sdg Smartos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-31977 HIGH This Week

Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sdg Smartos 834 5 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-22443 HIGH This Week

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-6094 MEDIUM POC This Month

The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Ulike
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-6756 HIGH This Week

The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Social Auto Poster
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-36534 HIGH This Week

Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-39676 HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot.1 before 1.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Pinot
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-6750 HIGH This Week

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Social Auto Poster
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-7027 HIGH This Week

The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-41135 HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-41134 HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-41133 HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-33519 HIGH This Week

A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Aruba
NVD
CVSS 3.1
7.2
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy