Skip to main content
CVE-2024-40433 HIGH POC This Week

Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Wechat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-39304 HIGH POC PATCH This Week

ChurchCRM is an open-source church management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Churchcrm
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.0%
CVE-2024-41628 HIGH POC This Week

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
6.5%
CVE-2024-40116 HIGH POC This Week

An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-7062 HIGH POC This Week

Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Nimble Commander
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41813 HIGH POC PATCH This Week

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Txtdot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41812 HIGH POC PATCH This Week

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Txtdot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41354 HIGH POC This Week

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-41353 HIGH POC This Week

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-41357 HIGH POC This Week

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub Exploit-DB
CVSS 3.1
7.1
EPSS
1.1%
CVE-2024-41815 HIGH POC PATCH This Week

Starship is a cross-shell prompt. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Starship
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2024-38872 HIGH This Week

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Microsoft Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2024-38871 HIGH This Week

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Microsoft Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2024-41692 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2024-41687 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2024-7050 HIGH This Week

Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.2. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.3
EPSS
0.6%
CVE-2024-35296 HIGH This Week

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2024-24257 HIGH This Week

An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41670 HIGH This Week

In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35161 HIGH This Week

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Request Smuggling Information Disclosure Traffic Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-41686 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-38512 HIGH This Week

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-38511 HIGH This Week

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-38510 HIGH This Week

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-38509 HIGH This Week

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Stack Overflow RCE
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-38508 HIGH This Week

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-41691 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of FTP credentials in plaintext within the SquashFS-root filesystem associated with the router's firmware. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-41690 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to storing of default username and password credentials in plaintext within the router's firmware/ database. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-41688 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due lack of encryption in storing of usernames and passwords within the router's firmware/ database. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy