Skip to main content
CVE-2024-27115 CRITICAL POC Act Now

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Soplanning
NVD
CVSS 4.0
10.0
EPSS
4.6%
CVE-2024-44541 CRITICAL POC Act Now

evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-44466 CRITICAL POC THREAT Act Now

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.7%
CVE-2024-6091 CRITICAL POC PATCH Act Now

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Autogpt Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-42760 HIGH POC This Week

SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ellevo
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-43793 MEDIUM POC This Month

Halo is an open source website building tool. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Halo
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-8277 CRITICAL Act Now

The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Photo Reviews
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-44851 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Perfex Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-27113 CRITICAL Act Now

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Soplanning
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-27112 CRITICAL Act Now

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Soplanning
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-45790 CRITICAL Act Now

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aim Star
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-7609 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal.34.8. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Voc Tester
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.3%
CVE-2024-8694 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jfinalcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.8%
CVE-2024-44577 HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-44574 HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-44572 HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-21529 HIGH PATCH This Week

Prototype pollution in the npm package dset before 3.1.4 allows attackers who control the key path passed to the dset() function to inject a __proto__ property that is recursively assigned to every object in the running JavaScript program. Because dset is a tiny, widely-used deep-assignment utility often reached through untrusted JSON or user-supplied paths, successful pollution can corrupt application logic, bypass security checks, or escalate toward denial of service and, in some downstream contexts, code injection. EPSS is low (0.61%, 45th percentile) and there is no public exploit identified at time of analysis, but a vendor patch (3.1.4) is available.

Prototype Pollution Code Injection
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.6%
CVE-2024-27114 HIGH This Week

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Soplanning
NVD
CVSS 4.0
8.9
EPSS
0.5%
CVE-2024-44570 HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Rely Pcie Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-44571 HIGH This Week

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Rely Pcie Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-20381 HIGH This Week

A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Ios Xr Network Services Orchestrator Small Business Rv Series Router Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8639 HIGH This Week

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8638 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-8637 HIGH This Week

Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-7716 MEDIUM POC This Month

The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gs Logo Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-3899 MEDIUM POC This Month

The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Envira Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-8253 HIGH PATCH This Week

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation WordPress Post Grid
NVD
CVSS 3.1
8.8
EPSS
9.6%
CVE-2024-45788 HIGH This Week

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aim Star
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-45787 HIGH This Week

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aim Star
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-45786 HIGH This Week

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aim Star
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-8686 HIGH This Week

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Pan Os
NVD
CVSS 4.0
8.6
EPSS
1.4%
CVE-2024-7626 HIGH PATCH This Week

The WP Delicious - Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

RCE WordPress PHP Wp Delicious
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-43690 HIGH This Week

Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-20398 HIGH This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Command Injection Ios Xr
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-5760 HIGH This Week

The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Microsoft Universal Print Driver
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45026 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-39378 HIGH This Week

Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Audition
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8306 HIGH This Week

access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Vijeo Designer Vijeo Designer Embedded In Ecostruxure Machine Expert
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-40662 HIGH PATCH This Week

In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40658 HIGH PATCH This Week

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40657 HIGH PATCH This Week

In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40655 HIGH PATCH This Week

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40654 HIGH PATCH This Week

In multiple locations, there is a possible permission bypass due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40652 HIGH PATCH This Week

In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40650 HIGH PATCH This Week

In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31336 HIGH This Week

In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-20304 HIGH This Week

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45327 HIGH This Week

An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Fortisoar
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20406 HIGH This Week

A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-20317 HIGH This Week

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.1
7.4
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy