Skip to main content
CVE-2024-41473 CRITICAL POC Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
6.7%
CVE-2024-38289 CRITICAL POC THREAT Act Now

A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Turbomeeting
NVD GitHub
CVSS 3.1
9.8
EPSS
40.9%
CVE-2024-1724 HIGH POC PATCH This Week

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Ubuntu Snapd
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-38288 HIGH POC This Week

A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Turbomeeting
NVD GitHub
CVSS 3.1
7.2
EPSS
3.2%
CVE-2024-40318 HIGH POC This Week

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Qloapps
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-7106 MEDIUM POC This Month

A vulnerability classified as problematic was found in Spina CMS 2.18.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spina
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-41468 CRITICAL Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Command Injection Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2024-24621 CRITICAL Act Now

Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webuzo
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-38287 CRITICAL Act Now

The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Turbomeeting
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41808 MEDIUM POC This Month

The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openobserve
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-40324 MEDIUM POC This Month

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection E Staff
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-24623 HIGH This Week

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Webuzo
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-24622 HIGH This Week

Softaculous Webuzo contains a command injection in the password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Webuzo
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-36542 HIGH This Week

Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6589 HIGH PATCH This Week

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP WordPress RCE LFI Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-37084 HIGH PATCH This Week

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Spring Cloud Data Flow
NVD
CVSS 3.1
8.8
EPSS
35.2%
CVE-2024-7007 HIGH This Week

Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tra7005 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-40872 HIGH This Week

There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-41800 HIGH PATCH This Week

Craft is a content management system (CMS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Craft Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-29069 HIGH PATCH This Week

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Snapd
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-39673 HIGH This Week

Vulnerability of serialisation/deserialisation mismatch in the iAware module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-39672 HIGH This Week

Memory request logic vulnerability in the memory module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-7101 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in ForIP Tecnologia Administração PABX 1.x. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-29068 MEDIUM PATCH This Month

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Denial Of Service Snapd
NVD GitHub
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-6972 MEDIUM This Month

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-6558 MEDIUM This Month

HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Anybus Compactcom 30 Module Ethernet Ip Firmware Anybus Compactcom 30 Module Usb Without Housing Firmware
NVD
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-36111 MEDIUM This Month

KubePi is a K8s panel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes
NVD GitHub
CVSS 3.1
6.3
EPSS
8.4%
CVE-2024-3938 MEDIUM This Month

The "reset password" login page accepted an HTML injection via URL parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Dotcms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41809 MEDIUM PATCH This Month

OpenObserve is an open-source observability platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openobserve
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41801 MEDIUM PATCH This Month

OpenProject is open source project management software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Open Redirect Openproject
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38103 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-39674 MEDIUM This Month

Plaintext vulnerability in the Gallery search module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39671 MEDIUM This Month

Access control vulnerability in the security verification module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39670 MEDIUM This Month

Privilege escalation vulnerability in the account synchronisation module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-28772 MEDIUM This Month

IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Security Directory Integrator Security Directory Server Security Verify Access
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41707 MEDIUM This Month

An issue was discovered in Archer Platform 6 before 2024.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41706 MEDIUM This Month

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41705 MEDIUM This Month

A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7047 MEDIUM This Month

A cross site scripting vulnerability exists in GitLab CE/EE affecting all versions from 16.6 prior to 17.0.5, 17.1 prior to 17.1.3, 17.2 prior to 17.2.1 allowing an attacker to execute arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7105 MEDIUM This Month

A vulnerability classified as critical has been found in ForIP Tecnologia Administração PABX 1.x. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Administracao Pabx
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-41806 MEDIUM This Month

The Open edX Platform is a learning management platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Juniper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-7057 MEDIUM This Month

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-40873 LOW Monitor

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.07. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secure Access
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2024-4811 LOW Monitor

In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Octopus Server
NVD
CVSS 3.1
2.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy