Skip to main content
CVE-2024-38653 HIGH POC THREAT This Week

XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XXE Avalanche
NVD
CVSS 3.1
7.5
EPSS
92.0%
CVE-2024-7753 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-42353 MEDIUM POC PATCH This Month

WebOb provides objects for HTTP requests and responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Open Redirect Webob
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-42360 CRITICAL PATCH Act Now

SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Sequenceserver
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-7732 CRITICAL Act Now

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Dr Id Attendance System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-7731 CRITICAL Act Now

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Dr Id Access Control
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-20083 CRITICAL Act Now

In venc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-20082 CRITICAL Act Now

In Modem, there is a possible memory corruption due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Nr15 Nr16 Nr17
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-7790 MEDIUM POC This Month

A stored cross site scripting vulnerabilities exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Devika
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7794 MEDIUM POC This Month

A vulnerability was found in itsourcecode Vehicle Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Vehicle Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7793 MEDIUM POC This Month

A vulnerability was found in SourceCodester Task Progress Tracker 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Task Progress Tracker
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7792 MEDIUM POC This Month

A vulnerability was found in SourceCodester Task Progress Tracker 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Task Progress Tracker
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-24986 CRITICAL Act Now

Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel Linux Ethernet 800 Series Controllers Driver
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-23981 CRITICAL Act Now

Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Linux Ethernet 800 Series Controllers Driver
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-23497 CRITICAL Act Now

Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Intel Linux Privilege Escalation +1
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-21810 CRITICAL Act Now

Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Linux
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-21807 CRITICAL Act Now

Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Linux
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-7754 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7752 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-38652 CRITICAL Act Now

Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
9.1
EPSS
7.6%
CVE-2024-39397 CRITICAL Act Now

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Adobe File Upload Commerce Magento
NVD
CVSS 3.1
9.0
EPSS
1.1%
CVE-2024-39809 HIGH This Week

The Central Manager user session refresh token does not expire when a user logs out. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Next Central Manager
NVD
CVSS 4.0
8.9
EPSS
0.4%
CVE-2024-4389 HIGH This Week

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-7515 HIGH This Week

CVE-2024-7515 IMPACT A denial-of-service vulnerability exists in the affected products. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Compactlogix 5380 Firmware Controllogix 5580 Firmware Guardlogix 5580 Firmware Compact Guardlogix 5380 Sil 2 Firmware +2
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-7507 HIGH This Week

CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Compactlogix 5380 Firmware Controllogix 5580 Firmware Guardlogix 5580 Firmware Compact Guardlogix 5380 Sil 2 Firmware +2
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-40619 HIGH This Week

CVE-2024-40619 IMPACT A denial-of-service vulnerability exists in the affected products. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Controllogix 5580 Firmware Guardlogix 5580 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-41727 HIGH This Week

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall +18
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39792 HIGH This Week

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Plus
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-39778 HIGH This Week

When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +17
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-34163 HIGH This Week

Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Privilege Escalation Intel Nuc X15 Laptop Kit Lapbc510 Firmware Nuc X15 Laptop Kit Lapbc710 Firmware Nuc X15 Laptop Kit Lapac71G Firmware +6
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-6078 HIGH This Week

CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-7513 HIGH This Week

CVE-2024-7513 IMPACT A code execution vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Factorytalk View
NVD
CVSS 4.0
8.5
EPSS
1.7%
CVE-2024-39825 HIGH This Week

Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Rooms Workplace +2
NVD
CVSS 3.1
8.5
EPSS
0.6%
CVE-2024-39283 HIGH This Week

Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Tdx Module
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-26022 HIGH This Week

Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel Aptio V Uefi Firmware Integrator Tools
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-25576 HIGH This Week

improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel Agilex 7 Fpga Firmware
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39402 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Command Injection Commerce Magento
NVD
CVSS 3.1
8.4
EPSS
1.5%
CVE-2024-39401 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Command Injection Commerce Magento
NVD
CVSS 3.1
8.4
EPSS
1.5%
CVE-2024-21801 HIGH This Week

Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Tdx Module
NVD
CVSS 4.0
8.3
EPSS
0.2%
CVE-2024-41164 HIGH This Week

When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall +20
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-39400 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Magento
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-41865 HIGH This Week

Dimension versions 3.4.11 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-41856 HIGH This Week

Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-41853 HIGH This Week

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-41852 HIGH This Week

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-41851 HIGH This Week

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-41850 HIGH This Week

InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-41840 HIGH This Week

Bridge versions 13.0.8, 14.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Bridge
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-41831 HIGH This Week

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2024-41830 HIGH This Week

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
4.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy