Skip to main content
CVE-2024-34344 HIGH POC PATCH This Week

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Nuxt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23657 HIGH POC PATCH This Week

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Nuxt
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-41376 HIGH POC This Week

dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dzzoffice
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-7465 HIGH POC This Week

A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Cp450 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-7463 HIGH POC THREAT This Week

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Cp900 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
11.0%
CVE-2024-7462 HIGH POC This Week

A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow N350Rt Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-39713 HIGH POC PATCH This Week

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Rocket Chat
NVD
CVSS 3.1
8.6
EPSS
3.2%
CVE-2024-2232 HIGH POC This Week

The lacks CSRF checks allowing a user to invite any user to any group (including private groups). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Himer
NVD WPScan
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-42352 HIGH POC PATCH This Week

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Nuxt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-40531 HIGH This Week

A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-39838 HIGH This Week

ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zwx 2000Csw2 Hn Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-23384 HIGH PATCH This Week

Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +100
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-21481 HIGH This Week

Memory corruption when preparing a shared memory notification for a memparcel in Resource Manager. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +161
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-41720 HIGH This Week

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zwx 2000Csw2 Hn Firmware
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-21980 HIGH This Week

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Epyc 7203 Firmware Epyc 7203P Firmware Epyc 72F3 Firmware Epyc 7303 Firmware +82
NVD
CVSS 3.1
7.9
EPSS
0.4%
CVE-2024-21978 HIGH This Week

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Epyc 7203 Firmware Epyc 7203P Firmware Epyc 72F3 Firmware Epyc 7303 Firmware +82
NVD
CVSS 3.1
7.9
EPSS
0.5%
CVE-2024-33034 HIGH PATCH This Week

Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6200 Firmware Fastconnect 6700 Firmware +100
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33028 HIGH PATCH This Week

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware Csra6620 Firmware +134
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33027 HIGH PATCH This Week

Memory corruption can occur when arbitrary user-space app gains kernel level privilege to modify DDR memory by corrupting the GPU page table. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Buffer Overflow 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +87
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33023 HIGH PATCH This Week

Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware Csra6620 Firmware +149
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33022 HIGH PATCH This Week

Memory corruption while allocating memory in HGSL driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +120
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33021 HIGH PATCH This Week

Memory corruption while processing IOCTL call to set metainfo. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +132
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23383 HIGH PATCH This Week

Memory corruption when kernel driver attempts to trigger hardware fences. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +69
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23382 HIGH This Week

Memory corruption while processing graphics kernel driver request to create DMA fence. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6200 Firmware Fastconnect 6700 Firmware +100
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23381 HIGH This Week

Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +70
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23356 HIGH This Week

Memory corruption during session sign renewal request calls in HLOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +204
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23355 HIGH This Week

Memory corruption when keymaster operation imports a shared key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +137
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-6472 HIGH This Week

Certificate Validation user interface in LibreOffice allows potential vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4607 HIGH This Week

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption 5th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel Driver +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-2937 HIGH This Week

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption 5th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel Driver +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-42010 HIGH This Week

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
52.8%
CVE-2024-40530 HIGH This Week

A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33026 HIGH PATCH This Week

Transient DOS while parsing probe response and assoc response frame when received frame length is less than max size of timestamp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +160
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33025 HIGH PATCH This Week

Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Csr8811 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +163
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33024 HIGH PATCH This Week

Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware +176
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33020 HIGH PATCH This Week

Transient DOS while processing TID-to-link mapping IE elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +92
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33019 HIGH PATCH This Week

Transient DOS while parsing the received TID-to-link mapping action frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +144
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33018 HIGH PATCH This Week

Transient DOS while parsing the received TID-to-link mapping element of the TID-to-link mapping action frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +146
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33015 HIGH PATCH This Week

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +188
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33014 HIGH PATCH This Week

Transient DOS while parsing ESP IE from beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +315
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33013 HIGH PATCH This Week

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +165
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33012 HIGH PATCH This Week

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +243
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33011 HIGH This Week

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +243
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33010 HIGH PATCH This Week

Transient DOS while parsing fragments of MBSSID IE from beacon frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Ar8035 Firmware Ar9380 Firmware +244
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23353 HIGH This Week

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +243
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23352 HIGH This Week

Transient DOS when NAS receives ODAC criteria of length 1 and type 1 in registration accept OTA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Snapdragon 855 860 Mobile Platform Sm8150 Ac Firmware Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware +99
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-21479 HIGH This Week

Transient DOS during music playback of ALAC content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wsa8835 Firmware Wsa8832 Firmware Wsa8830 Firmware Wsa8815 Firmware +90
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-21467 HIGH This Week

Information disclosure while handling beacon probe frame during scan entry generation in client side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Wsa8835 Firmware Wsa8830 Firmware Wsa8815 Firmware +126
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-21459 HIGH This Week

Information disclosure while handling beacon or probe response frame in STA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Snapdragon W5 Gen 1 Wearable Platform Firmware Snapdragon 870 5G Mobile Platform Sm8250 Ac Firmware Snapdragon 865 5G Mobile Platform Sm8250 Ab Firmware +172
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-7409 HIGH This Week

A flaw was found in the QEMU NBD Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy