Skip to main content
CVE-2024-8504 HIGH POC THREAT Act Now

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
75.4%
CVE-2024-8503 CRITICAL POC THREAT Act Now

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
80.0%
CVE-2024-45409 CRITICAL POC PATCH THREAT Act Now

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Jwt Attack Denial Of Service Ruby Saml Omniauth Saml Gitlab
NVD GitHub
CVSS 3.1
9.8
EPSS
10.7%
CVE-2024-44893 CRITICAL POC Act Now

An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Jimureport
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44677 CRITICAL POC Act Now

eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Java Eladmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45412 HIGH POC PATCH This Week

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Yeti
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-44867 HIGH POC This Week

phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Phpok
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-37728 HIGH POC This Week

Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-44871 HIGH POC THREAT This Week

An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Mozilocms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
16.2%
CVE-2024-45596 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-34831 MEDIUM POC This Month

cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Gibbon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-44872 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Mozilocms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-45032 CRITICAL Act Now

A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
0.8%
CVE-2024-38194 CRITICAL PATCH Act Now

An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Azure Web Apps
NVD
CVSS 3.1
9.9
EPSS
1.3%
CVE-2024-8191 CRITICAL Act Now

SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
19.6%
CVE-2024-43491 CRITICAL PATCH Act Now

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1507
NVD
CVSS 3.1
9.8
EPSS
12.1%
CVE-2024-38240 CRITICAL PATCH Act Now

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-38225 CRITICAL PATCH Act Now

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Microsoft Dynamics 365 Business Central
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-37980 CRITICAL Act Now

Microsoft SQL Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sql Server 2016 Sql Server 2017 Sql Server 2019 +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-37341 CRITICAL PATCH Act Now

Microsoft SQL Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Sql 2016 Azure Connect Feature Pack Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-21416 CRITICAL PATCH Act Now

Windows TCP/IP Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1809 +9
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-45595 CRITICAL PATCH Act Now

D-Tale is a visualizer for Pandas data structures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS D Tale
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-8654 CRITICAL Act Now

MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are called in internal aggregation stage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-39583 CRITICAL Act Now

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Insightiq
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-39581 CRITICAL Act Now

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Dell Insightiq
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-6596 CRITICAL Act Now

An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Echo Curve Viewer Fieldcare Sfe500 Package Field Xpert Smt79 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-6342 CRITICAL Act Now

**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Command Injection Nas326 Firmware Nas542 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-43455 HIGH PATCH This Week

Windows Remote Desktop Licensing Service Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2024-38217 MEDIUM POC KEV PATCH THREAT This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.4
EPSS
9.8%
CVE-2024-35783 CRITICAL Act Now

A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-45591 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
3.4%
CVE-2024-45407 MEDIUM POC PATCH This Month

Sunshine is a self-hosted game stream host for Moonlight. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Sunshine
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41171 CRITICAL Act Now

A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24). Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-33698 CRITICAL Act Now

A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-44087 CRITICAL Act Now

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions <. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service
NVD
CVSS 4.0
9.2
EPSS
10.6%
CVE-2024-43040 CRITICAL Act Now

Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-38220 CRITICAL PATCH Act Now

Azure Stack Hub Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Azure Stack Hub
NVD
CVSS 3.1
9.0
EPSS
1.0%
CVE-2024-38216 CRITICAL PATCH Act Now

Azure Stack Hub Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Azure Stack Hub
NVD
CVSS 3.1
9.0
EPSS
0.9%
CVE-2024-8322 HIGH This Week

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-43469 HIGH PATCH This Week

Azure CycleCloud Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Microsoft Azure Cyclecloud
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-43461 HIGH KEV PATCH THREAT This Week

Windows MSHTML Platform Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
8.8
EPSS
51.9%
CVE-2024-38260 HIGH PATCH This Week

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-38259 HIGH PATCH This Week

Microsoft Management Console Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 11 21H2 +5
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-38018 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
51.5%
CVE-2024-37965 HIGH This Week

Microsoft SQL Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sql Server 2016 Sql Server 2017 Sql Server 2019 +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-37340 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sql 2016 Azure Connect Feature Pack Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37339 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sql 2016 Azure Connect Feature Pack Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37338 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure RCE Microsoft Sql 2016 Azure Connect Feature Pack +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37335 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Sql 2016 Azure Connect Feature Pack +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-26191 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Sql 2016 Azure Connect Feature Pack +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy