Skip to main content
CVE-2024-45175 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal C Mor Video Surveillance
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-45171 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload C Mor Video Surveillance
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45173 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation C Mor Video Surveillance
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-44587 HIGH POC This Week

itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7591 HIGH POC PATCH THREAT This Week

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Loadmaster Multi Tenant Hypervisor Firmware
NVD
CVSS 3.1
7.2
EPSS
44.1%
CVE-2024-45178 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal C Mor Video Surveillance
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2024-8463 HIGH This Week

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Job Portal
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-8178 HIGH This Week

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Freebsd
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-45063 HIGH This Week

The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Freebsd
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-43110 HIGH This Week

The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Freebsd
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-42416 HIGH This Week

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Freebsd
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-45288 HIGH This Week

A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-41928 HIGH This Week

Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-32668 HIGH This Week

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Freebsd
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-45098 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-7627 HIGH PATCH This Week

The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE File Manager
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2024-8470 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8469 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8468 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8467 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8466 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8465 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8464 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-7884 HIGH PATCH This Week

When a canister method is called via ic_cdk::call* , a new Future CallFuture is created and can be awaited by the caller to get the execution result. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Canister Developer Kit For The Internet Computer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-5957 HIGH This Week

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intrusion Prevention System Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45287 HIGH This Week

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Freebsd
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-42495 HIGH This Week

Credentials to access device configuration were transmitted using an unencrypted protocol. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fusion
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-45401 HIGH PATCH This Week

stripe-cli is a command-line tool for the payment processor Stripe. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Stripe Cli
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-45097 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy