Skip to main content
CVE-2024-6983 HIGH POC PATCH This Week

mudler/localai version 2.17.1 is vulnerable to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Localai
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2024-46472 HIGH POC This Week

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Membership Management System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-46097 HIGH POC This Week

TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Testlink
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-46471 HIGH POC This Week

The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Membership Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-44910 HIGH POC This Week

NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Cryptolib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-9029 HIGH POC This Week

A flaw was found in the freeimage library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Freeimage
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-7714 HIGH POC This Week

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Chatgpt Assistant
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-40509 HIGH POC This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-40512 HIGH POC This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-40511 HIGH POC This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-46331 HIGH POC This Week

ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Mostartcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-8609 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Valeapp
NVD VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2024-33369 HIGH This Week

Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Rpshare
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-33368 HIGH This Week

An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Rpshare
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-46366 HIGH This Week

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ssti Krayin Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7149 HIGH PATCH This Week

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-46441 HIGH This Week

An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8922 HIGH PATCH This Week

The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Information Disclosure PHP Product Enquiry For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-8607 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.0.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Valeapp
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-6436 HIGH This Week

An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Sequencemanager
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-9301 HIGH This Week

A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal E2Nest
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-38308 HIGH This Week

Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Adam 5550 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-39275 HIGH This Week

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adam 5630 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-28948 HIGH This Week

Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF Adam 5630 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-7400 HIGH This Week

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Eset Information Disclosure Microsoft
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-40510 HIGH This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-46859 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-46853 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-46849 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Use After Free Memory Corruption Information Disclosure Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-46813 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_index before accessing dc->links[] [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is return. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Amd Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-46821 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Amd Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-46830 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-46812 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration [Why] Coverity reports Memory - illegal accesses. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Amd Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-46852 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Buffer Overflow Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-46845 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46844 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-46836 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46833 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: hns3: void array out of bound when loop tnl_num When query reg inf of SSU, it loops tnl_num times. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46831 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap: Fix use-after-free error in kunit test This is a clear use-after-free error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46828 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness In sch_cake, we keep track of the count of active bulk flows per. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46820 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend We do not directly enable/disable VCN IRQ in vcn 5.0.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46818 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-46815 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-46814 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46811 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box [Why] Coverity reports OVERRUN warning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46804 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-39435 HIGH This Week

In Logmanager service, there is a possible missing verification incorrect input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23586 HIGH This Week

HCL Nomad is susceptible to an insufficient session expiration vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hcl Nomad
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-44912 HIGH This Week

NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cryptolib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-44911 HIGH This Week

NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cryptolib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy