Skip to main content
CVE-2024-7970 HIGH POC This Week

Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-42902 HIGH POC This Week

An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Limesurvey
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-42991 HIGH POC This Week

MCMS v5.4.1 has front-end file upload vulnerability which can lead to remote command execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

File Upload Mcms
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-41436 HIGH POC This Week

ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Clickhouse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41435 HIGH POC This Week

YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Yugabytedb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-6119 HIGH PATCH This Week

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Denial Of Service Memory Corruption OpenSSL Active Iq Unified Manager Management Services For Element Software And Netapp Hci +17
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2024-8382 HIGH This Week

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-6473 HIGH This Week

Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yandex Browser
NVD
CVSS 4.0
8.4
EPSS
0.7%
CVE-2024-42057 HIGH This Week

A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-45394 HIGH PATCH This Week

Authenticator is a browser extension that generates two-step verification codes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Authenticator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38456 HIGH This Week

HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8374 HIGH PATCH This Week

UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Code Injection Python RCE Ultimaker Cura
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-3655 HIGH This Week

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption 5th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel Driver +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38811 HIGH This Week

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Fusion
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-45391 HIGH PATCH This Week

High-severity information disclosure vulnerability in Tina CMS's CLI tool (versions before 1.6.2) that exposes search tokens in the tina-lock.json file, allowing unauthorized access to sensitive authentication credentials. Attackers can exploit this remotely without authentication to steal search tokens from affected websites. With an EPSS score of 0.25%, real-world exploitation likelihood is relatively low despite the high CVSS score.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-8383 HIGH This Week

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-5412 HIGH This Week

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Nebula Lte3301 Plus Firmware Nebula Fwa505 Firmware +48
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-42058 HIGH This Week

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Null Pointer Dereference Denial Of Service Zld
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-7203 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-42060 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-42059 HIGH This Week

A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Zld
NVD
CVSS 3.1
7.2
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy