Skip to main content
CVE-2024-39717 HIGH KEV THREAT Act Now

Versa Director GUI contains a file upload vulnerability in the 'Change Favicon' functionality that allows provider-level administrators to upload malicious files, exploited by Volt Typhoon (Chinese APT) against ISPs.

NVD
CVSS 3.1
7.2
EPSS
4.6%
CVE-2024-42599 HIGH POC This Week

SeaCMS 13.0 has a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Seacms
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-43033 HIGH POC This Week

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Microsoft Jpress
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-8079 HIGH POC This Week

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow T8 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-8078 HIGH POC This Week

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow T8 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2024-42774 HIGH POC This Week

An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Hotel Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-42772 HIGH POC This Week

An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Hotel Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-42767 HIGH POC This Week

Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Hotel Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-42776 HIGH POC This Week

Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Hotel Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-45201 HIGH PATCH This Week

An issue was discovered in llama_index before 0.10.38. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Llamaindex
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-36442 HIGH This Week

cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-40886 HIGH PATCH This Week

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mattermost CSRF
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-7384 HIGH PATCH This Week

The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Acymailing
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-39576 HIGH This Week

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Power Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-8076 HIGH This Week

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow T8 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-42418 HIGH This Week

Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Outpost Uploader Utility Outpost 0810 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-39776 HIGH This Week

Avtec Outpost stores sensitive information in an insecure location without proper access controls in place. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Outpost Uploader Utility Outpost 0810 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-36444 HIGH This Week

cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-38210 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Microsoft RCE Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38209 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Microsoft Google Memory Corruption Edge Chromium
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-36443 HIGH This Week

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2024-42490 HIGH PATCH This Week

authentik is an open-source Identity Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39745 HIGH This Week

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling Connect Direct Web Services
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-8071 HIGH PATCH This Week

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost
NVD
CVSS 3.1
7.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy