Skip to main content
CVE-2024-36538 HIGH POC This Week

Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Chaos Mesh
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-41667 HIGH POC PATCH This Week

OpenAM is an open access management solution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2024-40495 HIGH POC This Week

A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Linksys RCE E2500 Firmware
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-41466 HIGH POC This Week

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41465 HIGH POC This Week

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41464 HIGH POC This Week

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41463 HIGH POC This Week

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-41462 HIGH POC This Week

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41672 HIGH POC PATCH This Week

DuckDB is a SQL database management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Duckdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-41550 HIGH POC This Week

CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_invoice_items.php?id= . Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-41136 HIGH This Week

An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-36541 HIGH This Week

Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Logging Operator
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-31970 HIGH This Week

AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sdg Smartos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-31977 HIGH This Week

Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version 12.6.3.1, devices allow OS Command Injection via shell metacharacters to the Ping or Traceroute utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sdg Smartos 834 5 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-22443 HIGH This Week

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-6756 HIGH This Week

The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Social Auto Poster
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-36534 HIGH This Week

Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-39676 HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot.1 before 1.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Pinot
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-6750 HIGH This Week

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Social Auto Poster
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-7027 HIGH This Week

The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-41135 HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-41134 HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-41133 HIGH This Week

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-33519 HIGH This Week

A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Aruba
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-36537 HIGH This Week

Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Cert Manager
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-39345 HIGH This Week

AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the devices MAC address. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sdg Smartos
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy