Skip to main content
CVE-2024-44390 HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-44386 HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-42523 HIGH POC This Week

publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Publiccms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-45187 HIGH This Week

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Mage Ai
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-39841 HIGH This Week

A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-42756 HIGH This Week

An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Netgear Dgn1000Ww Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
13.5%
CVE-2024-5586 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2024-5556 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2024-5490 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-5467 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2024-5466 HIGH This Week

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Zoho Manageengine Opmanager Manageengine Opmanager Msp +2
NVD
CVSS 3.1
8.8
EPSS
7.0%
CVE-2024-36517 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
5.3%
CVE-2024-36516 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2024-36515 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2024-36514 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-7258 HIGH PATCH This Week

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google WordPress PHP Authentication Bypass RCE +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7559 HIGH This Week

The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE File Manager Pro
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-37311 HIGH This Week

Collabora Online is a collaborative online office suite based on LibreOffice. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-42040 HIGH This Week

Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow U Boot
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-42845 HIGH This Week

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
8.0
EPSS
2.7%
CVE-2024-42915 HIGH This Week

A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-43791 HIGH PATCH This Week

RequestStore provides per-request global storage for Rack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Request Store
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43477 HIGH This Week

Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Entra Id
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-42636 HIGH This Week

DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Dedecms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-8113 HIGH PATCH This Week

Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.

XSS Pretix
NVD
CVSS 4.0
7.2
EPSS
0.3%
CVE-2024-43883 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy