Skip to main content
CVE-2024-1724 HIGH POC PATCH This Week

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Ubuntu Snapd
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-38288 HIGH POC This Week

A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Turbomeeting
NVD GitHub
CVSS 3.1
7.2
EPSS
3.2%
CVE-2024-40318 HIGH POC This Week

An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Qloapps
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-24623 HIGH This Week

Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Webuzo
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-24622 HIGH This Week

Softaculous Webuzo contains a command injection in the password reset functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Webuzo
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-36542 HIGH This Week

Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6589 HIGH PATCH This Week

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP WordPress RCE LFI Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-37084 HIGH PATCH This Week

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Java RCE Spring Cloud Data Flow
NVD
CVSS 3.1
8.8
EPSS
35.2%
CVE-2024-7007 HIGH This Week

Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tra7005 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-40872 HIGH This Week

There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-41800 HIGH PATCH This Week

Craft is a content management system (CMS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Craft Cms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-29069 HIGH PATCH This Week

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Snapd
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-39673 HIGH This Week

Vulnerability of serialisation/deserialisation mismatch in the iAware module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-39672 HIGH This Week

Memory request logic vulnerability in the memory module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy