Skip to main content
CVE-2024-46446 CRITICAL POC Act Now

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mecha
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-45291 HIGH POC PATCH This Week

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE PHP Phpspreadsheet
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9570 HIGH POC This Week

A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
3.0%
CVE-2024-9569 HIGH POC This Week

A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-9568 HIGH POC This Week

A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-9567 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-9566 HIGH POC This Week

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.8%
CVE-2024-9565 HIGH POC This Week

A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.9%
CVE-2024-9564 HIGH POC This Week

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.9%
CVE-2024-9563 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-46278 HIGH POC This Week

Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teedy
NVD GitHub Exploit-DB
CVSS 3.1
8.4
EPSS
2.6%
CVE-2024-45290 HIGH POC PATCH This Week

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Phpspreadsheet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45293 HIGH POC PATCH This Week

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure XXE Phpspreadsheet
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2024-45919 MEDIUM POC This Month

A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Solvait
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-42831 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-45060 MEDIUM POC PATCH This Month

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-46300 MEDIUM POC This Month

itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Placement Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-45874 CRITICAL Act Now

A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-45873 CRITICAL Act Now

A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-47557 CRITICAL Act Now

Pre-Auth RCE via Path Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Freeflow Core
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-47556 CRITICAL Act Now

Pre-Auth RCE via Path Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Freeflow Core
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-46076 CRITICAL Act Now

RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-33066 CRITICAL Act Now

Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon X65 5g Modem Rf System Firmware Sdx65m Firmware Sdx55 Firmware Qxm8083 Firmware +67
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-20103 CRITICAL Act Now

In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Software Development Kit Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-20101 CRITICAL Act Now

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Software Development Kit Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-20100 CRITICAL Act Now

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Iot Yocto Software Development Kit +1
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-44674 MEDIUM POC This Month

D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow D-Link Covr 2600R Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
3.9%
CVE-2024-45292 MEDIUM POC PATCH This Month

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45932 MEDIUM POC This Month

Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Krayin Crm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-47559 HIGH This Week

Authenticated RCE via Path Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Freeflow Core
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-47558 HIGH This Week

Authenticated RCE via Path Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Freeflow Core
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-27458 HIGH This Week

A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-46041 HIGH This Week

IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-33065 HIGH This Week

Memory corruption while taking snapshot when an offset variable is set by camera driver. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon 8Cx Gen 2 5G Compute Platform Sc8180X Ac Firmware Snapdragon 8Cx Gen 2 5G Compute Platform Sc8180X Af Firmware Snapdragon 8Cx Compute Platform Sc8180Xp Ac Firmware Snapdragon 8Cx Gen 2 5G Compute Platform Sc8180Xp Aa Firmware +41
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-47555 HIGH This Week

Missing Authentication - User & System Configuration. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2024-45051 HIGH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-33073 HIGH This Week

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware +155
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-33064 HIGH This Week

Information disclosure while parsing the multiple MBSSID IEs from the beacon. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qca6574au Firmware Qca6574a Firmware Qca6564au Firmware +2
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-44068 HIGH This Week

An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Use After Free Samsung Memory Corruption Exynos 9820 Firmware +5
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-9576 HIGH This Week

Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Workbooth
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43047 HIGH KEV PATCH THREAT This Week

Memory corruption while maintaining memory maps of HLOS memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6700 Firmware Fastconnect 6800 Firmware +60
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38399 HIGH This Week

Memory corruption while processing user packets to generate page faults. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Wsa8835 Firmware Wsa8830 Firmware +38
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23369 HIGH This Week

Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon 888 5G Mobile Platform Sm8350 Ac Firmware Snapdragon 865 5G Mobile Platform Sm8250 Ab Firmware Wsa8845h Firmware Wsa8845 Firmware +114
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21455 HIGH This Week

Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Video Collaboration Vc1 Platform Firmware Wsa8815 Firmware Wsa8810 Firmware Wcn3980 Firmware +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20092 HIGH This Week

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47335 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.13.11. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-38397 HIGH This Week

Transient DOS while parsing probe response and assoc response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon 8 Gen 2 Mobile Platform Firmware Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware +111
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33071 HIGH This Week

Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mdm9628 Firmware Qca6564a Firmware Qca6564au Firmware Qca6574a Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33070 HIGH This Week

Transient DOS while parsing ESP IE from beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qca6574au Firmware Qca6574a Firmware Qca6564au Firmware Qca6564a Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33069 HIGH This Week

Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Wsa8835 Firmware Wsa8830 Firmware +42
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy