Skip to main content
CVE-2024-42006 HIGH This Week

Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aws Orchestrator
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-34458 HIGH This Week

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Command
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-6918 HIGH This Week

exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-41700 HIGH This Week

Barix - CWE-200 Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sip Client Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41699 HIGH This Week

Priority - CWE-552: Files or Directories Accessible to External Parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Priority
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-41698 HIGH This Week

Priority - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Priority
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-38810 HIGH PATCH This Week

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Spring Security
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-43688 HIGH This Week

cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-7780 HIGH PATCH This Week

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Contact Form Builder
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-7702 HIGH PATCH This Week

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Contact Form Builder
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-35214 HIGH This Week

A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system. Rated high severity (CVSS 7.1). No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 4.0
7.1
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy