Skip to main content
CVE-2024-47416 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-47415 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-47414 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-47413 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-47412 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-47411 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-47410 HIGH This Week

Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-45150 HIGH This Week

Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-45146 HIGH This Week

Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-35288 HIGH This Week

Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-47334 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow zoho-flow allows SQL Injection.7.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-43610 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Copilot Studio
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-46304 HIGH This Week

A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-46292 HIGH This Week

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Modsecurity
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-28168 HIGH PATCH This Week

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Formatting Objects Processor
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-8015 HIGH This Week

In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Telerik Report Server
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-47191 HIGH This Week

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-9467 HIGH This Week

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Expedition
NVD
CVSS 4.0
7.0
EPSS
0.6%
CVE-2024-38818 MEDIUM This Month

VMware NSX contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation VMware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-38817 MEDIUM This Month

VMware NSX contains a command injection vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection VMware
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2024-7038 LOW POC Monitor

An information disclosure vulnerability exists in open-webui version 0.3.8. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Webui
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2024-39438 MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-39437 MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-39436 MEDIUM This Month

In linkturbonative service, there is a possible command injection due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Android
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-7294 MEDIUM This Month

In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Telerik Reporting
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-47816 MEDIUM This Month

ImportDump is a mediawiki extension designed to automate user import requests. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-9451 MEDIUM This Month

The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-9449 MEDIUM This Month

The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-7963 MEDIUM This Month

The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-48933 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lemonldap
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-47815 MEDIUM This Month

IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2024-47812 MEDIUM This Month

ImportDump is an extension for mediawiki designed to automate user import requests. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2024-30118 MEDIUM This Month

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-9469 MEDIUM This Month

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Microsoft Cortex Xdr Agent
NVD
CVSS 4.0
5.7
EPSS
0.2%
CVE-2024-8264 MEDIUM This Month

Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Robot Schedule
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47763 MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Wasmtime
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47673 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Not doing so will make us send a host command to the transport while the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47671 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47669 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 ("nilfs2: separate wait function from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Checkpoint Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47667 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47666 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47665 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Definitely condition dma_get_cache_alignment * defined value >. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47664 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware If the value of max_speed_hz is 0, it may cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47663 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47662 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection [Why] These registers should not be read from driver and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47661 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd's ramping_boundary has size of uint8_t and it is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Amd Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47658 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled The finalize operation in interrupt mode produce a produces a spinlock. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47420 MEDIUM This Month

Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Animate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-47419 MEDIUM This Month

Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Animate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-45145 MEDIUM This Month

Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Lightroom
NVD
CVSS 3.1
5.5
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy