Skip to main content
CVE-2024-46292 HIGH This Week

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Modsecurity
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-28168 HIGH PATCH This Week

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Formatting Objects Processor
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-8015 HIGH This Week

In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Telerik Report Server
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-47191 HIGH This Week

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-9467 HIGH This Week

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Expedition
NVD
CVSS 4.0
7.0
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy