Skip to main content
CVE-2024-40125 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Cless Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-46946 CRITICAL POC Act Now

langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Langchain Experimental
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-8963 CRITICAL POC KEV EUVD KEV THREAT Act Now

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Endpoint Manager Cloud Services Appliance
NVD
CVSS 3.1
9.1
EPSS
98.6%
CVE-2024-46394 HIGH POC This Week

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Frogcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8698 HIGH POC PATCH This Week

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jwt Attack
NVD
CVSS 3.1
7.7
EPSS
2.0%
CVE-2024-46382 HIGH POC This Week

SQL injection in linlinjava litemall 1.8.0 allows unauthenticated remote attackers to extract sensitive data from the backend database by injecting malicious payloads into the goodsId, goodsSn, and name parameters handled by AdminOrderController.java. Publicly available exploit code exists, though EPSS rates exploitation probability low at 0.12% (30th percentile) and the issue is not listed in CISA KEV.

SQLi Litemall
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8883 MEDIUM POC PATCH This Month

A misconfiguration flaw was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Build Of Keycloak Openshift Container Platform Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone +2
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2024-33109 CRITICAL Act Now

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tiptel Ip 286 Firmware Sip T28P Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-46984 CRITICAL PATCH Act Now

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Reference Validator
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-46983 CRITICAL PATCH Act Now

sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Sofa Hessian
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-31570 CRITICAL Act Now

libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Freeimage
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-7785 CRITICAL Act Now

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS).08. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-9008 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best Online News Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9007 MEDIUM POC PATCH This Month

A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS 123Solar
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.9%
CVE-2024-9006 MEDIUM POC PATCH This Month

A vulnerability was found in jeanmarc77 123solar 1.8.4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection PHP RCE 123Solar
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-9004 MEDIUM POC THREAT This Month

A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dar 7000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
16.2%
CVE-2024-9001 MEDIUM POC This Month

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T10 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.0%
CVE-2024-47088 CRITICAL Act Now

This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ld Geo Ld Dp Back Office
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-45861 CRITICAL Act Now

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Control System Firmware
NVD
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-8986 CRITICAL PATCH Act Now

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Grafana
NVD
CVSS 4.0
9.1
EPSS
0.5%
CVE-2024-43496 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Microsoft Memory Corruption RCE +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-43489 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Microsoft Google Memory Corruption Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-7737 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2024-45862 HIGH This Week

Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Control System Firmware
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-47089 HIGH This Week

This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ld Geo Ld Dp Back Office
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-47087 HIGH This Week

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ld Geo Ld Dp Back Office
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-47086 HIGH This Week

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ld Geo Ld Dp Back Office
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-47085 HIGH This Week

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Ld Geo Ld Dp Back Office
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-7254 HIGH PATCH This Week

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Protobuf Protobuf Java Protobuf Javalite +5
NVD GitHub HeroDevs
CVSS 4.0
8.7
EPSS
2.8%
CVE-2024-38016 HIGH PATCH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass RCE Microsoft 365 Apps Office +2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-45752 HIGH This Week

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Logiops
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-8651 MEDIUM This Month

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netcat Content Management System
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-25673 MEDIUM This Month

Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Couchbase Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8850 MEDIUM PATCH This Month

{email} is used for the field in versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mailchimp
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-8653 MEDIUM This Month

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netcat Content Management System
NVD GitHub
CVSS 4.0
5.9
EPSS
0.3%
CVE-2024-8652 MEDIUM This Month

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netcat Content Management System
NVD GitHub
CVSS 4.0
5.9
EPSS
0.3%
CVE-2024-8375 MEDIUM PATCH This Month

There exists a use after free vulnerability in Reverb. Rated medium severity (CVSS 5.7). This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Google Denial Of Service Reverb
NVD GitHub
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-8354 MEDIUM This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-45769 MEDIUM This Month

A vulnerability was found in Performance Co-Pilot (PCP). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-45614 MEDIUM PATCH This Month

Puma is a Ruby/Rack web server built for parallelism. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nginx Puma
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-7736 MEDIUM This Month

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3dexperience Enovia
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8364 MEDIUM This Month

The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Custom Fields Search
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9003 MEDIUM This Month

A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jflow
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-47162 MEDIUM This Month

In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-47160 MEDIUM This Month

In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-45770 MEDIUM This Month

A vulnerability was found in Performance Co-Pilot (PCP). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-38221 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-47159 MEDIUM This Month

In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy