Skip to main content
CVE-2024-41226 HIGH POC This Week

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Automation 360
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-6781 HIGH POC PATCH THREAT This Week

Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Calibre
NVD GitHub
CVSS 3.1
7.5
EPSS
62.7%
CVE-2024-28739 HIGH POC THREAT This Week

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Koha
NVD
CVSS 3.1
7.2
EPSS
17.7%
CVE-2024-7009 HIGH POC PATCH THREAT This Week

Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Calibre
NVD GitHub
CVSS 3.1
7.1
EPSS
13.9%
CVE-2024-7534 HIGH This Week

Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7533 HIGH This Week

Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Memory Corruption Denial Of Service Apple +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-6998 HIGH This Week

Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6997 HIGH This Week

Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6994 HIGH This Week

Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6988 HIGH This Week

Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Memory Corruption Denial Of Service Apple +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6720 HIGH This Week

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Light Poll
NVD WPScan
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-41913 HIGH This Week

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Poly Clariti Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7530 HIGH This Week

Incorrect garbage collection interaction could have led to a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-7528 HIGH This Week

Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7522 HIGH This Week

Editor code failed to check an attribute value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7521 HIGH This Week

Incomplete WebAssembly exception handing could have led to a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7520 HIGH This Week

A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mozilla Memory Corruption Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-6358 HIGH This Week

Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Intelligence
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-6357 HIGH This Week

Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Intelligence
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5709 HIGH This Week

The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6315 HIGH This Week

The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-7502 HIGH This Week

A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Diascreen
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-7525 HIGH This Week

It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-7523 HIGH This Week

A select option could partially obscure security prompts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-6203 HIGH This Week

HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haloitsm
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-42219 HIGH This Week

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Hashicorp Information Disclosure 1Password
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23460 HIGH This Week

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Jwt Attack RCE Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23458 HIGH This Week

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation.2.0.190. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43114 HIGH This Week

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7547 HIGH This Week

oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Stack Overflow RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7546 HIGH This Week

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7545 HIGH This Week

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7544 HIGH This Week

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7543 HIGH This Week

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7539 HIGH This Week

oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7538 HIGH This Week

oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23456 HIGH This Week

Anti-tampering can be disabled under certain conditions without signature validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Client Connector
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-33973 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33972 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33971 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33970 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33969 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33968 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33967 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33966 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33965 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33964 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33963 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33962 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33961 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy