Skip to main content
CVE-2024-46997 CRITICAL POC PATCH Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-7024 CRITICAL POC Act Now

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2024-7023 HIGH POC This Week

Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-47066 HIGH POC PATCH THREAT This Week

Lobe Chat is an open-source artificial intelligence chat framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
CVSS 3.1
8.8
EPSS
11.0%
CVE-2024-43201 HIGH POC This Week

The Planet Fitness Workouts iOS and Android mobile apps fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Google Planet Fitness Workouts
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-7018 HIGH POC This Week

Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Google Chrome
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46985 HIGH POC PATCH This Week

DataEase is an open source data visualization analysis tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Dataease
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-9091 MEDIUM POC This Month

A vulnerability was found in code-projects Student Record System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-23922 MEDIUM POC PATCH This Month

Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Xav Ax5500 Firmware
NVD Exploit-DB
CVSS 3.1
6.8
EPSS
1.8%
CVE-2024-9014 MEDIUM POC PATCH This Month

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pgadmin 4
NVD GitHub
CVSS 3.1
6.5
EPSS
9.7%
CVE-2024-43989 HIGH Act Now

Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.8% and no vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
7.5
EPSS
13.8%
CVE-2024-47069 MEDIUM POC PATCH This Month

Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Cookiebar
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-47068 MEDIUM POC PATCH This Month

Rollup is a module bundler for JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Rollup
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-46241 MEDIUM POC This Month

PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dairy Farm Shop Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-47222 CRITICAL Act Now

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF My Office Sdk
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0002 CRITICAL Act Now

A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Purity Fa
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0001 CRITICAL POC Act Now

A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Purity Fa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-34331 CRITICAL Act Now

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-7846 MEDIUM POC This Month

YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yith Woocommerce Ajax Search
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7735 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-9094 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9093 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Profile Registration without Reload Refresh 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Profile Registration Without Reload Refresh
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9092 MEDIUM POC This Month

A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Profile Registration Without Reload Refresh
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9090 MEDIUM POC This Month

A vulnerability was found in SourceCodester Modern Loan Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Modern Loan Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9089 MEDIUM POC This Month

A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Modern Loan Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8606 CRITICAL Act Now

Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Checkmk
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-7835 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Exnet Informatics Software Ferry Reservation System allows Reflected XSS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-37779 HIGH This Week

WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-0005 HIGH This Week

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Purity Fa Purity Fb
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-23934 HIGH This Week

Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-45348 HIGH This Week

Xiaomi Router AX9000 has a post-authorization command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ax9000 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7022 MEDIUM POC This Month

Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-7020 MEDIUM POC This Month

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-7019 MEDIUM POC This Month

Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-46639 HIGH This Week

A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection XSS RCE
NVD GitHub
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-41228 HIGH This Week

A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-42861 HIGH This Week

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linuxptp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2024-39842 HIGH This Week

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-0004 HIGH This Week

A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Purity Fa
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-0003 HIGH This Week

A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Purity Fa
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-40442 HIGH This Week

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-23972 MEDIUM PATCH This Month

Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Xav Ax5500 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-23933 MEDIUM This Month

Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Apple RCE
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-39843 MEDIUM This Month

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.1
6.7
EPSS
2.2%
CVE-2024-44048 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress LFI PHP
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-44540 MEDIUM This Month

Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ubiquiti
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-39342 MEDIUM This Month

Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-40441 MEDIUM This Month

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-43996 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Elementskit
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-8263 MEDIUM This Month

An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 4.0
6.2
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy