Skip to main content
CVE-2024-46394 HIGH POC This Week

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Frogcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8698 HIGH POC PATCH This Week

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jwt Attack
NVD
CVSS 3.1
7.7
EPSS
2.0%
CVE-2024-46382 HIGH POC This Week

SQL injection in linlinjava litemall 1.8.0 allows unauthenticated remote attackers to extract sensitive data from the backend database by injecting malicious payloads into the goodsId, goodsSn, and name parameters handled by AdminOrderController.java. Publicly available exploit code exists, though EPSS rates exploitation probability low at 0.12% (30th percentile) and the issue is not listed in CISA KEV.

SQLi Litemall
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-43496 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Microsoft Memory Corruption RCE +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-43489 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Microsoft Google Memory Corruption Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-7737 HIGH This Week

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2024-45862 HIGH This Week

Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Control System Firmware
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-47089 HIGH This Week

This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ld Geo Ld Dp Back Office
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-47087 HIGH This Week

This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ld Geo Ld Dp Back Office
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-47086 HIGH This Week

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ld Geo Ld Dp Back Office
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-47085 HIGH This Week

This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Ld Geo Ld Dp Back Office
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-7254 HIGH PATCH This Week

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Protobuf Protobuf Java Protobuf Javalite +5
NVD GitHub HeroDevs
CVSS 4.0
8.7
EPSS
2.8%
CVE-2024-38016 HIGH PATCH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass RCE Microsoft 365 Apps Office +2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-45752 HIGH This Week

logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Logiops
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy