Skip to main content
CVE-2024-8904 HIGH POC This Week

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-46362 HIGH POC This Week

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Frogcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5998 HIGH POC PATCH This Week

A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Langchain
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8957 HIGH POC KEV THREAT This Week

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pt30X Sdi Firmware Pt30X Ndi Xx G2 Firmware
NVD
CVSS 3.1
7.2
EPSS
82.0%
CVE-2024-45398 HIGH PATCH This Week

Contao is an Open Source CMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Contao
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-43460 HIGH PATCH This Week

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dynamics 365 Business Central
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22303 HIGH This Week

Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-21743 HIGH This Week

Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-46085 HIGH This Week

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Frogcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-44132 HIGH This Week

This issue was addressed with improved handling of symlinks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-47049 HIGH PATCH This Week

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal PHP File Handling
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-7788 HIGH This Week

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice2 before < 24.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Libreoffice
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44162 HIGH This Week

This issue was addressed by enabling hardened runtime. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-40861 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43969 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.9.12. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-44165 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS Iphone Os Ipados +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-40848 HIGH This Week

A downgrade issue was addressed with additional code-signing restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-40856 HIGH This Week

An integrity issue was addressed with Beacon Protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-46982 HIGH PATCH This Week

Next.js is a React framework for building full-stack web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
58.8%
CVE-2024-8900 HIGH This Week

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-8768 HIGH PATCH This Week

A flaw was found in the vLLM library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-47047 HIGH PATCH This Week

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powermail
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8110 HIGH This Week

Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-44189 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-44152 HIGH This Week

A privacy issue was addressed with improved private data redaction for log entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-44149 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-40770 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27879 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-27874 HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27795 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-42503 HIGH This Week

Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-42502 HIGH This Week

Authenticated command injection vulnerability exists in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-42501 HIGH This Week

An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-44009 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Reflected XSS.6.11. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-44064 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LikeBtn Like Button Rating likebtn-like-button.6.53. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-44007 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Templates - Elementor & Gutenberg templates skt-templates allows Reflected. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-44164 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS Ipados Iphone Os
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy