Skip to main content
CVE-2024-42798 HIGH POC This Week

An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Music Management System
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-46424 HIGH POC This Week

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service T8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45696 HIGH This Week

Certain models of D-Link wireless routers contain hidden functionality. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Covr X1870 Firmware Dir X4860 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8779 HIGH This Week

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Omflow
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-21829 HIGH This Week

Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-23599 HIGH This Week

Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Intel Denial Of Service
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2024-45416 HIGH This Week

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Zte Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-45413 HIGH This Week

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-34543 HIGH This Week

Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel Raid Web Console
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34153 HIGH This Week

Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Raid Web Console
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-39613 HIGH PATCH This Week

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Mattermost Mattermost Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-46937 HIGH This Week

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Secure Authentication Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8777 HIGH This Week

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Omflow
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21871 HIGH This Week

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-21781 HIGH This Week

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Intel Denial Of Service
NVD
CVSS 4.0
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy