Skip to main content
CVE-2024-46419 CRITICAL POC Act Now

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-46451 CRITICAL POC Act Now

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-8752 CRITICAL POC THREAT Act Now

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Webiq
NVD
CVSS 4.0
9.3
EPSS
11.8%
CVE-2024-42798 HIGH POC This Week

An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Music Management System
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-46424 HIGH POC This Week

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service T8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8880 MEDIUM POC This Month

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Playsms
NVD VulDB
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-42796 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Music Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-45415 CRITICAL Act Now

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45414 CRITICAL Act Now

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44623 CRITICAL Act Now

An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Spx Graphics Controller
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-22399 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Seata. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Seata
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-45698 CRITICAL Act Now

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir X4860 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-45697 CRITICAL Act Now

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir X4860 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-45695 CRITICAL Act Now

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow D-Link RCE Dir X4860 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-45694 CRITICAL Act Now

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow D-Link RCE Dir X5460 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-7104 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.Winsure: before 4.6.2. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Winsure
NVD VulDB
CVSS 4.0
9.2
EPSS
0.3%
CVE-2024-7098 CRITICAL Act Now

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.Winsure: before 4.6.2. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Winsure
NVD VulDB
CVSS 4.0
9.2
EPSS
0.2%
CVE-2024-6401 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.6.2. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Insuree Gl
NVD VulDB
CVSS 4.0
9.2
EPSS
0.2%
CVE-2024-46958 CRITICAL PATCH Act Now

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Desktop
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-45696 HIGH This Week

Certain models of D-Link wireless routers contain hidden functionality. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Covr X1870 Firmware Dir X4860 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8779 HIGH This Week

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Omflow
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-42794 MEDIUM POC This Month

Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Music Management System
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-21829 HIGH This Week

Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-23599 HIGH This Week

Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Intel Denial Of Service
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2024-42795 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Music Management System
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2024-45416 HIGH This Week

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zte Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-45413 HIGH This Week

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-34543 HIGH This Week

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel Raid Web Console
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34153 HIGH This Week

Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Raid Web Console
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-39613 HIGH PATCH This Week

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Mattermost Mattermost Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-46937 HIGH This Week

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Secure Authentication Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8777 HIGH This Week

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Omflow
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21871 HIGH This Week

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-21781 HIGH This Week

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Intel Denial Of Service
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-8766 MEDIUM This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2024-34016 MEDIUM This Month

Local privilege escalation due to DLL hijacking vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2024-45835 MEDIUM PATCH This Month

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Google Mattermost Desktop
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38315 MEDIUM This Month

IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Shares
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45833 MEDIUM This Month

Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Mobile
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8780 MEDIUM This Month

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Omflow
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-8778 MEDIUM This Month

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Omflow
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-8776 MEDIUM This Month

SmartRobot by INTUMIT contains a reflected cross-site scripting (XSS) vulnerability in an insufficiently validated page parameter that allows unauthenticated remote attackers to inject malicious JavaScript code. An attacker can craft a malicious URL and trick users into clicking it, enabling session hijacking, credential theft, or malware distribution. With a CVSS score of 6.1 and EPSS score of 0.18% (39th percentile), the vulnerability is of moderate severity with relatively low current exploitation probability, though the low attack complexity and lack of authentication requirements make it practically exploitable.

XSS Smartrobot
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-4283 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-45801 MEDIUM PATCH This Month

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Denial Of Service Dompurify
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-45799 MEDIUM This Month

FluxCP is a web-based Control Panel for rAthena servers written in PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fluxcp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-46970 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Intellij Idea
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-36261 MEDIUM This Month

Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Intel Denial Of Service Raid Web Console
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-36247 MEDIUM This Month

Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Intel Denial Of Service Raid Web Console
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-34545 MEDIUM This Month

Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Raid Web Console
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-32940 MEDIUM This Month

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Intel Denial Of Service Raid Web Console
NVD
CVSS 3.1
5.7
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy