Skip to main content
CVE-2024-44720 HIGH POC This Week

SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-44375 HIGH POC This Week

D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Di 8100 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-44725 HIGH POC This Week

AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Autocms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-44724 HIGH POC This Week

AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Autocms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-44335 HIGH This Week

D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
12.4%
CVE-2024-44334 HIGH This Week

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
31.8%
CVE-2024-44333 HIGH This Week

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
12.4%
CVE-2024-45041 HIGH PATCH This Week

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes External Secrets Operator
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37288 HIGH This Week

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Elastic Kibana
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-8601 HIGH This Week

This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Back Office Software
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-45411 HIGH PATCH This Week

Twig is a template language for PHP. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Twig
NVD GitHub
CVSS 3.1
8.6
EPSS
0.8%
CVE-2024-27387 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 1080 Firmware Exynos 1280 Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27383 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-45296 HIGH PATCH This Week

path-to-regexp turns path strings into a regular expressions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-7015 HIGH This Week

Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Passbox
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-7341 HIGH PATCH This Month

A session fixation issue was discovered in the SAML adapters provided by Keycloak. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Session Fixation Information Disclosure Keycloak Single Sign On Build Of Keycloak
NVD GitHub
CVSS 3.1
7.1
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy