Skip to main content
CVE-2024-8504 HIGH POC THREAT Act Now

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
75.4%
CVE-2024-45412 HIGH POC PATCH This Week

Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Yeti
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-44867 HIGH POC This Week

phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Phpok
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-37728 HIGH POC This Week

Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-44871 HIGH POC THREAT This Week

An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Mozilocms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
16.2%
CVE-2024-43455 HIGH PATCH This Week

Windows Remote Desktop Licensing Service Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2024-8322 HIGH This Week

Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-43469 HIGH PATCH This Week

Azure CycleCloud Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Microsoft Azure Cyclecloud
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-43461 HIGH KEV PATCH THREAT This Week

Windows MSHTML Platform Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
8.8
EPSS
51.9%
CVE-2024-38260 HIGH PATCH This Week

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-38259 HIGH PATCH This Week

Microsoft Management Console Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 11 21H2 +5
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-38018 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
51.5%
CVE-2024-37965 HIGH This Week

Microsoft SQL Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sql Server 2016 Sql Server 2017 Sql Server 2019 +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-37340 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sql 2016 Azure Connect Feature Pack Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37339 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sql 2016 Azure Connect Feature Pack Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37338 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure RCE Microsoft Sql 2016 Azure Connect Feature Pack +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37335 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Sql 2016 Azure Connect Feature Pack +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-26191 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Sql 2016 Azure Connect Feature Pack +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-26186 HIGH PATCH This Week

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Sql 2016 Azure Connect Feature Pack +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-45593 HIGH PATCH This Week

Nix is a package manager for Linux and other Unix systems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nix
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-45044 HIGH This Week

Bareos is open source software for backup, archiving, and recovery of data for operating systems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7770 HIGH PATCH This Week

The Bit File Manager - 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload File Manager
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-7699 HIGH This Week

An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-43388 HIGH This Week

A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware +33
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-43387 HIGH This Week

A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-43386 HIGH This Week

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-43385 HIGH This Week

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware Tc Mguard Rs4000 3G Vpn Firmware +32
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-8268 HIGH PATCH This Week

The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Privilege Escalation Code Injection WordPress RCE Frontend Dashboard
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-8232 HIGH This Week

SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
8.7
EPSS
13.1%
CVE-2024-43647 HIGH This Week

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-8321 HIGH This Week

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Endpoint Manager
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2024-43479 HIGH PATCH This Week

Microsoft Power Automate Desktop Remote Code Execution Vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Authentication Bypass RCE Microsoft Power Automate
NVD
CVSS 3.1
8.5
EPSS
0.9%
CVE-2024-44667 HIGH This Week

Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Information Disclosure
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-38045 HIGH PATCH This Week

Windows TCP/IP Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1809 +9
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2024-31489 HIGH This Week

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Forticlient
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-43393 HIGH This Week

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware +33
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-43392 HIGH This Week

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware +27
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-43391 HIGH This Week

A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware +33
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-43390 HIGH This Week

A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware +33
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-43389 HIGH This Week

A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Tc Mguard Rs4000 4G Vzw Vpn Firmware Tc Mguard Rs4000 4G Vpn Firmware Tc Mguard Rs4000 4G Att Vpn Firmware +33
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-38250 HIGH PATCH This Week

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Buffer Overflow Office Office Long Term Servicing Channel Windows 10 1507 +13
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8012 HIGH This Week

An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-44107 HIGH This Week

DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-44106 HIGH This Week

Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44105 HIGH This Week

Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44104 HIGH This Week

An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44103 HIGH This Week

DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43492 HIGH PATCH This Week

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Autoupdate
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-43465 HIGH PATCH This Week

Microsoft Excel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-43463 HIGH PATCH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy