Skip to main content
CVE-2024-7593 CRITICAL POC KEV PATCH THREAT Act Now

Authentication bypass in Ivanti Virtual Traffic Manager (vTM) admin panel allows remote unauthenticated attackers to gain administrative access to the appliance due to a flawed authentication algorithm implementation. The flaw is confirmed actively exploited (CISA KEV) with an EPSS score of 94.44% (100th percentile), placing it among the highest-risk vulnerabilities currently tracked. All vTM releases other than 22.2R1 and 22.7R2 are affected.

Authentication Bypass Ivanti
NVD
CVSS 3.1
9.8
EPSS
94.4%
Threat
7.8
CVE-2024-7094 CRITICAL Emergency

The JS Help Desk - The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 72.0% and no vendor patch available.

PHP RCE WordPress CSRF Code Injection
NVD
CVSS 3.1
9.8
EPSS
72.0%
Threat
4.1
CVE-2024-43160 CRITICAL POC Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.7.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
4.6%
CVE-2024-28986 CRITICAL POC KEV THREAT CERT-EU Act Now

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
84.6%
CVE-2024-42739 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-42738 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-42737 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-7707 HIGH POC This Week

A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1206 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-38193 HIGH POC KEV PATCH THREAT This Week

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507 +14
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
27.6%
CVE-2024-42736 HIGH POC This Week

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2024-7743 MEDIUM POC This Month

A vulnerability was found in wanglongcn ltcms 1.0.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-7742 MEDIUM POC This Month

A vulnerability was found in wanglongcn ltcms 1.0.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-7741 MEDIUM POC This Month

A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-7740 MEDIUM POC This Month

A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ltcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-7739 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Markdown Pdf
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-7709 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1.php of the component URL Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-42740 MEDIUM POC This Month

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.8%
CVE-2024-38213 MEDIUM POC KEV PATCH THREAT This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.5
EPSS
13.4%
CVE-2024-41623 CRITICAL Act Now

An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE D8801 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-43153 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.4.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-7569 CRITICAL PATCH Act Now

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ivanti Neurons For Itsm
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-38199 CRITICAL PATCH Act Now

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +14
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-38140 CRITICAL PATCH Act Now

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +14
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2024-38063 CRITICAL PATCH Act Now

Windows TCP/IP Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
9.8
EPSS
70.6%
CVE-2024-6788 CRITICAL Act Now

A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43141 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.5.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-41730 CRITICAL Act Now

In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Business Objects Business Intelligence Platform
NVD
CVSS 3.1
9.8
EPSS
75.9%
CVE-2024-7746 CRITICAL Act Now

Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Traccar
NVD
CVSS 4.0
9.5
EPSS
0.5%
CVE-2024-41613 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Symphony Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-41940 CRITICAL Act Now

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinec Nms
NVD
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-7751 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7750 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7749 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Accounts Manager App 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Accounts Manager App
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7748 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Accounts Manager App 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Accounts Manager App
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7733 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fastcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-38108 CRITICAL PATCH Act Now

Azure Stack Hub Spoofing Vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Stack Hub
NVD
CVSS 3.1
9.3
EPSS
1.1%
CVE-2024-39651 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.9.5. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Woocommerce Pdf Vouchers
NVD
CVSS 3.1
9.3
EPSS
0.5%
CVE-2024-38160 CRITICAL PATCH Act Now

Windows Network Virtualization Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1607 +1
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2024-38159 CRITICAL PATCH Act Now

Windows Network Virtualization Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 1607 +1
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2024-33003 CRITICAL Act Now

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Commerce Cloud
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-7738 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Markdown Pdf
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-38189 HIGH KEV PATCH THREAT This Week

Microsoft Project Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office 2019 Office Long Term Servicing Channel +1
NVD
CVSS 3.1
8.8
EPSS
7.9%
CVE-2024-38180 HIGH PATCH This Week

Windows SmartScreen Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-38154 HIGH PATCH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-38144 HIGH PATCH This Week

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
8.8
EPSS
32.3%
CVE-2024-38131 HIGH PATCH This Week

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Remote Desktop Client Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-38130 HIGH PATCH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-38128 HIGH PATCH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows Server 2008 Windows Server 2012 +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-38121 HIGH PATCH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-38120 HIGH PATCH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy