Skip to main content
CVE-2024-47532 HIGH POC PATCH This Week

RestrictedPython is a restricted execution environment for Python to run untrusted code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Restrictedpython
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-47178 HIGH POC PATCH This Week

basic-auth-connect is Connect's Basic Auth middleware in its own module. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Basic Auth Connect
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-46510 HIGH POC This Week

ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-6394 HIGH POC This Week

A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Lollms Web Ui
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-8379 HIGH POC This Week

The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Cost Calculator Builder
NVD WPScan
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-28812 HIGH This Week

An issue was discovered in Infinera hiT 7300 5.60.50. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hit 7300 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28809 HIGH This Week

An issue was discovered in Infinera hiT 7300 5.60.50. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hit 7300 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-46280 HIGH This Week

PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8458 HIGH This Week

Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8448 HIGH This Week

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-9194 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.1.0 before. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft Octopus Server
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-28813 HIGH This Week

An issue was discovered in Infinera hiT 7300 5.60.50. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Hit 7300 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-46313 HIGH This Week

TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link Wr941Nd Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.3%
CVE-2024-45772 HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.4.0 before 9.12.0. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Apache Java Lucene Replicator
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-7675 HIGH This Week

A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7674 HIGH This Week

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7673 HIGH This Week

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7672 HIGH This Week

A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7671 HIGH This Week

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7670 HIGH This Week

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46549 HIGH This Week

An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation TP-Link
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-46511 HIGH This Week

LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and. Rated high severity (CVSS 7.5). No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-8454 HIGH This Week

The swctrl service is used to detect and remotely manage PLANET Technology devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8452 HIGH This Week

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-8451 HIGH This Week

Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy