Skip to main content
CVE-2024-47076 HIGH POC PATCH THREAT Act Now

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcupsfilters
NVD GitHub
CVSS 3.1
8.6
EPSS
77.0%
CVE-2024-46628 CRITICAL POC THREAT Act Now

Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Command Injection G3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
11.3%
CVE-2024-9166 CRITICAL POC Act Now

The device enables an unauthorized attacker to execute system commands with elevated privileges. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.6%
CVE-2024-46627 CRITICAL POC Act Now

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
4.1%
CVE-2024-47176 MEDIUM POC PATCH THREAT This Month

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cups Browsed
NVD GitHub
CVSS 3.1
5.3
EPSS
50.2%
CVE-2024-0132 HIGH POC PATCH THREAT This Week

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Information Disclosure Nvidia Denial Of Service Nvidia Container Toolkit +1
NVD Exploit-DB
CVSS 3.1
8.3
EPSS
37.1%
CVE-2024-44860 HIGH POC This Week

An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Solvait
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-40508 HIGH POC This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-40507 HIGH POC This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-40506 HIGH POC This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-45987 MEDIUM POC This Month

Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Online Voting System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-45983 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Hospital Management System
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-6517 MEDIUM POC This Month

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form 7 Math Captcha
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-7781 CRITICAL PATCH Act Now

The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Jupiter X Core
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-7772 CRITICAL PATCH Act Now

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Jupiter X Core
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-45986 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Voting System Project
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7594 HIGH PATCH This Week

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault Openbao
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-47180 HIGH This Week

Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Docker
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-47179 HIGH This Week

RSSHub is an RSS network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Docker
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-47169 HIGH PATCH This Week

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Agnai
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-39577 HIGH This Week

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45982 HIGH This Week

A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-45981 HIGH This Week

A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-45980 HIGH This Week

A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-45979 HIGH This Week

A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43191 HIGH This Week

IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization IBM Cloud Pak For Multicloud Management Monitoring
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-8126 HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP File Upload Advanced File Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-47330 HIGH This Week

Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Slider Social Share Buttons
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-47130 HIGH This Week

The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gotenna Pro
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-45985 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of the. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank And Donation Management System
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-45984 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank And Donation Management System
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-6769 HIGH This Week

A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD GitHub
CVSS 4.0
8.4
EPSS
1.1%
CVE-2024-41605 HIGH This Week

In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-46632 MEDIUM POC This Month

Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-7108 HIGH This Week

Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs.240816253. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cybermath
NVD VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2024-46329 HIGH This Week

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Vap11G 300 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-46328 HIGH This Week

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Vap11G 300 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-47045 HIGH This Week

Privilege chaining issue exists in the installer of e-Tax software(common program). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-8404 HIGH This Week

An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-47125 HIGH This Week

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
7.6
EPSS
0.1%
CVE-2024-37125 HIGH This Week

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Smartfabric Os10
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-30134 HIGH This Week

The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Traveler For Microsoft Outlook
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-9199 HIGH This Week

Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clibo Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-47197 HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin.2.1 before 3.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Maven Archetype
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-46330 HIGH This Week

VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vap11G 300 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2024-8704 HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-47126 HIGH This Week

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna Pro
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-45723 HIGH This Week

The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gotenna
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-7107 MEDIUM This Month

Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.240816253. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Cybermath
NVD VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-47003 MEDIUM PATCH This Month

Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy