Skip to main content
CVE-2024-38856 CRITICAL POC KEV PATCH THREAT Act Now

Incorrect Authorization vulnerability in Apache OFBiz.12.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Ofbiz
NVD
CVSS 3.1
9.8
EPSS
99.4%
CVE-2024-42009 CRITICAL POC KEV EUVD KEV THREAT Act Now

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Webmail
NVD GitHub
CVSS 3.1
9.3
EPSS
83.4%
CVE-2024-34344 HIGH POC PATCH This Week

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Nuxt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23657 HIGH POC PATCH This Week

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Nuxt
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-41376 HIGH POC This Week

dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dzzoffice
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-7465 HIGH POC This Week

A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Cp450 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-7463 HIGH POC THREAT This Week

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Cp900 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
11.0%
CVE-2024-7462 HIGH POC This Week

A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow N350Rt Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-39713 HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Rocket Chat
NVD
CVSS 3.1
8.6
EPSS
3.2%
CVE-2024-2232 HIGH POC This Week

The lacks CSRF checks allowing a user to invite any user to any group (including private groups). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Himer
NVD WPScan
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-42352 HIGH POC PATCH This Week

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Nuxt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-34343 MEDIUM POC PATCH This Month

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nuxt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41381 MEDIUM POC This Month

microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41380 MEDIUM POC This Month

microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5081 MEDIUM POC This Month

The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Wp Emember
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-40498 CRITICAL Act Now

SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-42447 CRITICAL PATCH Act Now

Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Fab
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41889 CRITICAL Act Now

Multiple Pimax products accept WebSocket connections from unintended endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Pitool Play
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-41816 MEDIUM POC PATCH This Month

Cooked is a recipe plugin for WordPress. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Cooked
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3636 MEDIUM POC This Month

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pinpoint Booking System
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7494 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6915 CRITICAL Act Now

JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.3
EPSS
0.6%
CVE-2024-42008 CRITICAL Act Now

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webmail
NVD GitHub
CVSS 3.1
9.3
EPSS
33.9%
CVE-2024-7397 CRITICAL Act Now

Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.4%
CVE-2024-7395 CRITICAL Act Now

An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.9%
CVE-2024-6118 CRITICAL Act Now

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meetinghub Paperless Meetings
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-6117 CRITICAL Act Now

A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Meetinghub Paperless Meetings
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-7470 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
24.9%
CVE-2024-7469 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
24.9%
CVE-2024-7468 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
24.9%
CVE-2024-7467 MEDIUM POC THREAT This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
23.4%
CVE-2024-7464 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp900 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
19.9%
CVE-2024-7466 MEDIUM POC This Month

A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pmweb
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-40531 HIGH This Week

A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-6498 MEDIUM POC This Month

The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Collect Chat
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-6270 MEDIUM POC This Month

The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Community Events
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-39838 HIGH This Week

ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zwx 2000Csw2 Hn Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-23384 HIGH PATCH This Week

Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +100
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-21481 HIGH This Week

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +161
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-41720 HIGH This Week

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zwx 2000Csw2 Hn Firmware
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-21980 HIGH This Week

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Epyc 7203 Firmware Epyc 7203P Firmware Epyc 72F3 Firmware Epyc 7303 Firmware +82
NVD
CVSS 3.1
7.9
EPSS
0.4%
CVE-2024-21978 HIGH This Week

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epyc 7203 Firmware Epyc 7203P Firmware Epyc 72F3 Firmware Epyc 7303 Firmware +82
NVD
CVSS 3.1
7.9
EPSS
0.5%
CVE-2024-33034 HIGH PATCH This Week

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6200 Firmware Fastconnect 6700 Firmware +100
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33028 HIGH PATCH This Week

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware Csra6620 Firmware +134
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33027 HIGH PATCH This Week

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +87
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33023 HIGH PATCH This Week

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware Csra6620 Firmware +149
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33022 HIGH PATCH This Week

Memory corruption while allocating memory in HGSL driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +120
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33021 HIGH PATCH This Week

Memory corruption while processing IOCTL call to set metainfo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +132
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23383 HIGH PATCH This Week

Memory corruption when kernel driver attempts to trigger hardware fences. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +69
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23382 HIGH This Week

Memory corruption while processing graphics kernel driver request to create DMA fence. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6200 Firmware Fastconnect 6700 Firmware +100
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy