Skip to main content
CVE-2024-40645 HIGH POC PATCH This Week

FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP File Upload Fogproject
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6978 HIGH POC This Week

Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.10.28. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Cato Client
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-6975 HIGH POC This Week

Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.10.34. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation OpenSSL Microsoft Cato Client
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-6973 HIGH POC This Week

Remote Code Execution in Cato Windows SDP client via crafted URLs.10.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Cato Client
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7340 HIGH POC PATCH This Week

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
8.8
EPSS
5.0%
CVE-2024-7326 HIGH POC This Week

A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dualsafe Password Manager
NVD VulDB
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-41954 HIGH POC PATCH This Week

FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Fogproject
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6974 HIGH POC This Week

Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade10.34. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Cato Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41630 HIGH POC This Week

Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow RCE Ac18 Firmware
NVD
CVSS 3.1
7.6
EPSS
1.0%
CVE-2024-40465 HIGH PATCH This Week

An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Beego
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-40464 HIGH PATCH This Week

An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Beego
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37901 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-7325 HIGH This Week

A vulnerability was found in IObit Driver Booster 11.0.0.0. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Driver Booster
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-7324 HIGH This Week

A vulnerability was found in IObit iTop Data Recovery Pro 4.4.0.687. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-3083 HIGH This Week

A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sensor Net Connect Firmware V2
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2024-42381 HIGH This Week

os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted sources, which allows attackers to achieve code execution via an ELF file with a custom .interp. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
8.3
EPSS
0.6%
CVE-2024-31202 HIGH This Week

A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Thermoscan Ip
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37142 HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37129 HIGH This Week

Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Dell Inventory Collector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37127 HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32857 HIGH This Week

Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Peripheral Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41255 HIGH This Week

filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Filestash
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23444 HIGH PATCH This Week

It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-41950 HIGH PATCH This Week

Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Ssti Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-39949 HIGH This Week

A vulnerability has been found in Dahua products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware +53
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39948 HIGH This Week

A vulnerability has been found in Dahua products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware +54
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39944 HIGH This Week

A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware +55
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41262 HIGH This Week

mmudb v1.9.3 was discovered to use the HTTP protocol in the ShowMetricsRaw and ShowMetricsAsText functions, possibly allowing attackers to intercept communications via a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Immudb
NVD GitHub
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-6770 HIGH This Week

The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-39946 HIGH This Week

A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware +53
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-41253 HIGH This Week

goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy