Skip to main content
CVE-2024-6890 HIGH POC This Week

Password reset tokens are generated using an insecure source of randomness. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Journyx
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-6707 HIGH POC This Week

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Open Webui
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-7585 HIGH POC This Week

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-7584 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-7583 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-7582 HIGH POC This Week

A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-7581 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow A301 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-41309 HIGH POC This Week

An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Enjay Crm
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41308 HIGH POC This Week

An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Enjay Crm
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-5290 HIGH POC This Week

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Wpa Supplicant
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-43044 HIGH PATCH This Week

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
8.8
EPSS
28.8%
CVE-2024-36131 HIGH This Week

An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Endpoint Manager Mobile
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2024-34619 HIGH This Week

Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7265 HIGH This Week

Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Ezd Rp
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-7143 HIGH This Week

A flaw was found in the Pulp package. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pulp
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2024-7061 HIGH This Week

Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft Verify
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43199 HIGH PATCH This Week

Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Ndoutils
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-7553 HIGH This Week

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass PHP Privilege Escalation Microsoft MongoDB +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-34623 HIGH This Week

Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Samsung Memory Corruption Notes
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34622 HIGH This Week

Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Samsung Memory Corruption Notes
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34620 HIGH This Week

Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34615 HIGH This Week

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34614 HIGH This Week

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34612 HIGH This Week

Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20451 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Spa 301 Firmware Spa 303 Firmware Spa 501G Firmware +8
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-36132 HIGH This Week

Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-42062 HIGH This Week

CloudStack account-users by default use username and password based authentication for API and UI access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Denial Of Service Cloudstack
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-7267 HIGH This Week

Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ezd Rp
NVD
CVSS 4.0
7.1
EPSS
0.6%
CVE-2024-7266 HIGH This Week

Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to list all users in the system, including those from other. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ezd Rp
NVD
CVSS 4.0
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy