Skip to main content
CVE-2024-8640 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-28990 HIGH This Week

SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6887 MEDIUM POC This Month

The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Rafflepress
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5799 MEDIUM POC This Month

The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cm Popup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-6077 HIGH This Week

A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Compactlogix 5380 Firmware Compact Guardlogix 5380 Sil 2 Firmware Compact Guardlogix 5380 Sil 3 Firmware +4
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-45825 HIGH This Week

CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 5015 U8Ihft Firmware
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-7961 HIGH This Week

A path traversal vulnerability exists in the Rockwell Automation affected product. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Rockwell Pavilion8
NVD
CVSS 4.0
8.6
EPSS
1.0%
CVE-2024-45826 HIGH This Week

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Thinmanager
NVD
CVSS 4.0
8.5
EPSS
11.2%
CVE-2024-28981 HIGH This Week

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-3163 MEDIUM POC This Month

The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Easy Property Listings
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-37397 HIGH This Week

An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XXE Endpoint Manager
NVD
CVSS 3.1
8.2
EPSS
59.3%
CVE-2024-8754 HIGH This Week

An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-28991 HIGH This Week

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Access Rights Manager
NVD
CVSS 3.1
8.0
EPSS
3.1%
CVE-2024-45181 HIGH This Week

An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Wibukey
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-6510 HIGH This Week

Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Internet Security
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45857 HIGH This Week

Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27321 HIGH This Week

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE Autolabel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-27320 HIGH This Week

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE Autolabel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8533 HIGH This Week

A privilege escalation vulnerability exists in the Rockwell Automation affected products. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Rockwell 2800C Optixpanel Compact Firmware 2800S Optixpanel Standard Firmware Embedded Edge Compute Module Firmware
NVD
CVSS 4.0
7.7
EPSS
1.3%
CVE-2024-8751 HIGH This Week

A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-44460 HIGH This Week

An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-44459 HIGH This Week

A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Vernemq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8124 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
39.6%
CVE-2024-4660 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8749 HIGH This Week

SQL injection vulnerability in idoit pro version 28. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP I Doit
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-20430 HIGH This Week

A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.  This vulnerability is due. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco Microsoft Meraki Systems Manager
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-8631 HIGH This Week

A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-34785 HIGH This Week

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
25.4%
CVE-2024-34783 HIGH This Week

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
43.4%
CVE-2024-34779 HIGH This Week

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
24.0%
CVE-2024-32848 HIGH This Week

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
43.4%
CVE-2024-32846 HIGH This Week

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2024-32845 HIGH This Week

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
24.0%
CVE-2024-32843 HIGH This Week

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2024-32842 HIGH This Week

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2024-32840 HIGH This Week

An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
25.4%
CVE-2024-6658 MEDIUM This Month

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-6840 MEDIUM This Month

An improper authorization flaw exists in the Ansible Automation Controller. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Privilege Escalation Kubernetes
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2024-8311 MEDIUM This Month

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-8635 MEDIUM This Month

A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-5435 MEDIUM This Month

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-42484 MEDIUM This Month

ESP-NOW Component provides a connectionless Wi-Fi communication protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38222 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-45303 MEDIUM PATCH This Month

Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Calendar
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-4612 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8750 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in idoit pro version 28. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS I Doit
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-8622 MEDIUM PATCH This Month

The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Amcharts
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-4472 MEDIUM This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-45182 MEDIUM This Month

An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Wibukey
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-41629 MEDIUM This Month

An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fusion Digital Power Designer
NVD
CVSS 3.1
5.5
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy