Skip to main content
CVE-2024-45388 HIGH POC PATCH THREAT This Week

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Hoverfly
NVD GitHub
CVSS 3.1
7.5
EPSS
55.9%
CVE-2024-42471 HIGH POC PATCH This Week

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Actions Artifact Actions Toolkit
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
3.0%
CVE-2024-6921 HIGH This Week

Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nacpremium
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-7871 HIGH This Week

SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-43776 HIGH This Week

SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-43775 HIGH This Week

SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-43774 HIGH This Week

SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-33035 HIGH This Week

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Qam8255p Firmware Qam8620p Firmware Qam8650p Firmware +86
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-23365 HIGH This Week

Memory corruption while releasing shared resources in MinkSocket listener thread. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Qamsrv1m Firmware Qca6574 Firmware +45
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-1621 HIGH This Week

The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Uniflow Online Uniflow Online Print Scan Uniflow Smartclient
NVD
CVSS 4.0
8.3
EPSS
0.4%
CVE-2024-23359 HIGH This Week

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qcn9024 Firmware Qcs4490 Firmware Qcs5430 Firmware +156
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-38402 HIGH PATCH This Week

Memory corruption while processing IOCTL call for getting group info. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware Csra6620 Firmware +161
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38401 HIGH PATCH This Week

Memory corruption while processing concurrent IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware C V2x 9150 Firmware +38
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33060 HIGH PATCH This Week

Memory corruption when two threads try to map and unmap a single node simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Firmware Aqt1000 Firmware +241
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33054 HIGH PATCH This Week

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm5430 Firmware +28
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33052 HIGH PATCH This Week

Memory corruption when user provides data for FM HCI command control operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +193
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33047 HIGH This Week

Memory corruption when the captureRead QDCM command is invoked from user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm5430 Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33045 HIGH PATCH This Week

Memory corruption when BTFM client sends new messages over Slimbus to ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +171
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33042 HIGH PATCH This Week

Memory corruption when Alternative Frequency offset value is set to 255. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +192
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33038 HIGH PATCH This Week

Memory corruption while passing untrusted/corrupted pointers from DSP to EVA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm4490 Firmware +39
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-41160 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41157 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-39816 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38386 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-45311 HIGH PATCH This Week

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Quinn
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-5148 HIGH This Week

A flaw was found in the gnome-remote-desktop package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33057 HIGH PATCH This Week

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +166
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33051 HIGH This Week

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Firmware 9206 Lte Firmware Apq8017 Firmware Aqt1000 Firmware +278
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33050 HIGH PATCH This Week

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Csra6620 Firmware +248
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33048 HIGH PATCH This Week

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +183
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23364 HIGH This Week

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +173
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23358 HIGH This Week

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8037 Firmware Ar8035 Firmware Fastconnect 7800 Firmware +49
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39775 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-20089 HIGH This Week

In wlan, there is a possible denial of service due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Rdk B Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23362 HIGH This Week

Cryptographic issue while parsing RSA keys in COBR format. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +226
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy