Skip to main content
CVE-2024-45519 CRITICAL POC KEV THREAT Act Now

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zimbra Collaboration Suite
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2024-24117 CRITICAL POC Act Now

Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rg Nbs2009G P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24116 CRITICAL POC THREAT Act Now

An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rg Nbs2009G P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
28.2%
CVE-2024-28888 HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Buffer Overflow Memory Corruption Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-46626 HIGH POC This Week

OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Opensis
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-7558 HIGH POC PATCH This Week

JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kubernetes Juju
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-7315 HIGH POC This Week

The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Migration Backup Staging
NVD WPScan
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-9440 MEDIUM POC PATCH This Month

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Slim Select
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9441 CRITICAL Act Now

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
53.5%
CVE-2024-44097 CRITICAL Act Now

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nest Doorbell Battery Firmware Nest Cam Outdoor Or Indoor Battery Firmware Nest Cam With Floodlight Firmware Nest Cam Indoor Wired Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-45186 CRITICAL Act Now

FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-45965 MEDIUM POC This Month

Contao before 5.5.6 allows XSS via an SVG document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Contao
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-33210 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-33209 MEDIUM POC This Month

FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Flatpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-9429 MEDIUM POC This Month

A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-20521 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-20520 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-20519 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-20518 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-35293 CRITICAL Act Now

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-47529 MEDIUM POC PATCH This Month

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

XSS Cosmos
NVD GitHub
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-45964 MEDIUM POC This Month

Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the "Organizer tags" field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-45960 MEDIUM POC This Month

Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-20449 HIGH This Week

A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Path Traversal Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-20432 HIGH This Week

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-20393 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware Rv340W Dual Wan Gigabit Wireless Ac Vpn Router Firmware Rv345 Dual Wan Gigabit Vpn Router Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8885 HIGH This Week

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Privilege Escalation Sophos Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-7855 HIGH PATCH This Week

The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Wp Hotel Booking
NVD
CVSS 3.1
8.8
EPSS
17.1%
CVE-2024-45962 MEDIUM POC This Month

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS October
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-20491 HIGH This Week

A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller Nexus Dashboard Insights Nexus Dashboard Orchestrator
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2024-20490 HIGH This Week

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller Nexus Dashboard Insights Nexus Dashboard Orchestrator
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2024-20448 HIGH This Week

A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-44193 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Itunes
NVD VulDB
CVSS 3.1
7.8
EPSS
2.3%
CVE-2024-41290 HIGH This Week

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Flatpress
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-47807 HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jenkins Openid Connect Authentication
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-47806 HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jenkins Openid Connect Authentication
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-8733 HIGH This Week

A potential security vulnerability has been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-44017 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board mh-board allows PHP Local File Inclusion.3.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20502 HIGH This Week

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meraki Mx65 Firmware Meraki Mx64 Firmware Meraki Z4C Firmware +22
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20501 HIGH This Week

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Memory Corruption Meraki Mx65 Firmware Meraki Mx64 Firmware +23
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20500 HIGH This Week

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Meraki Z4C Firmware Meraki Z4 Firmware Meraki Z3C Firmware +22
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-20499 HIGH This Week

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Memory Corruption Meraki Z4C Firmware Meraki Z4 Firmware +23
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20498 HIGH This Week

Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Meraki Mx65 Firmware Meraki Mx64 Firmware Meraki Z4C Firmware +22
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47805 HIGH PATCH This Week

Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Credentials
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33662 HIGH PATCH This Week

Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Portainer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-44030 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Absolute Path Traversal.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-24122 LOW POC Monitor

A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Edraw
NVD GitHub
CVSS 3.1
3.3
EPSS
0.7%
CVE-2024-20470 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware Rv340W Dual Wan Gigabit Wireless Ac Vpn Router Firmware Rv345 Dual Wan Gigabit Vpn Router Firmware +1
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-20365 HIGH This Week

A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-6360 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey.0 through. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Vertica
NVD
CVSS 4.0
6.9
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy