Skip to main content
CVE-2024-41433 CRITICAL POC Act Now

PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tidb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44921 CRITICAL POC Act Now

SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-7970 HIGH POC This Week

Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-42902 HIGH POC This Week

An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Limesurvey
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-42991 HIGH POC This Week

MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

File Upload Mcms
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-41436 HIGH POC This Week

ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Clickhouse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41435 HIGH POC This Week

YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Yugabytedb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-44920 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seacms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-44809 CRITICAL Act Now

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-45390 CRITICAL PATCH Act Now

@blakeembrey/template is a string template library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Template
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-45307 CRITICAL PATCH Act Now

SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Sudobot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-8389 CRITICAL Act Now

Memory safety bugs present in Firefox 129. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-8387 CRITICAL Act Now

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-8385 CRITICAL Act Now

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Memory Corruption Firefox Firefox Esr
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-8381 CRITICAL Act Now

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Memory Corruption Firefox Firefox Esr
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2024-7261 CRITICAL Act Now

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Command Injection Nwa110Ax Firmware Nwa1123 Ac Pro Firmware Nwa1123Acv3 Firmware +26
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2024-7345 CRITICAL Act Now

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Openedge
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2024-8380 MEDIUM POC This Month

A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Contact Manager With Export To Vcf
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-45586 CRITICAL Act Now

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Xts Mobile Trader Xts Web Trader
NVD
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-45588 CRITICAL Act Now

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Xts Mobile Trader Xts Web Trader
NVD
CVSS 4.0
9.1
EPSS
0.4%
CVE-2024-45587 CRITICAL Act Now

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Xts Mobile Trader Xts Web Trader
NVD
CVSS 4.0
9.1
EPSS
0.4%
CVE-2024-6119 HIGH PATCH This Week

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption OpenSSL Active Iq Unified Manager Management Services For Element Software And Netapp Hci +17
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2024-42901 MEDIUM POC PATCH This Month

A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Limesurvey
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-8382 HIGH This Week

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-6473 HIGH This Week

Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yandex Browser
NVD
CVSS 4.0
8.4
EPSS
0.7%
CVE-2024-41434 MEDIUM POC This Month

PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tidb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-42057 HIGH This Week

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-45394 HIGH PATCH This Week

Authenticator is a browser extension that generates two-step verification codes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Authenticator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38456 HIGH This Week

HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8374 HIGH PATCH This Week

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Code Injection Python RCE Ultimaker Cura
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-3655 HIGH This Week

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption 5th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel Driver +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38811 HIGH This Week

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Fusion
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-45391 HIGH PATCH This Week

High-severity information disclosure vulnerability in Tina CMS's CLI tool (versions before 1.6.2) that exposes search tokens in the tina-lock.json file, allowing unauthorized access to sensitive authentication credentials. Attackers can exploit this remotely without authentication to steal search tokens from affected websites. With an EPSS score of 0.25%, real-world exploitation likelihood is relatively low despite the high CVSS score.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-8383 HIGH This Week

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-5412 HIGH This Week

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Nebula Lte3301 Plus Firmware Nebula Fwa505 Firmware +48
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-42058 HIGH This Week

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Null Pointer Dereference Denial Of Service Zld
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-7203 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-42060 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-42059 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-4259 MEDIUM This Month

Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.0; AKOS (TahsilatService): before. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Akos
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-4629 MEDIUM PATCH This Month

A vulnerability was found in Keycloak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Keycloak Build Of Keycloak Single Sign On Openshift Container Platform +3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-42903 MEDIUM PATCH This Month

A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Limesurvey
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-42904 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Syspass
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7654 MEDIUM This Month

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass XSS Openedge
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8386 MEDIUM This Month

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mozilla Microsoft Firefox Firefox Esr
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-42061 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel XSS Zld
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45389 MEDIUM PATCH This Month

Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pagefind
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-45180 MEDIUM This Month

SquaredUp DS for SCOM 6.2.1.11104 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Squaredup Ds For Scom
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43412 MEDIUM PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xibo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8388 MEDIUM This Month

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Mozilla Firefox
NVD
CVSS 3.1
5.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy