Skip to main content
CVE-2024-9786 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.6%
CVE-2024-9785 HIGH POC This Week

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.5%
CVE-2024-9784 HIGH POC This Week

A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-9783 HIGH POC This Week

A vulnerability was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-9782 HIGH POC This Week

A vulnerability was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-9022 HIGH POC This Week

SQL injection in the TS Poll WordPress plugin (versions up to and including 2.4.0) allows authenticated attackers with Administrator-level access to append arbitrary SQL queries via the 'orderby' parameter, enabling extraction of sensitive database contents. Publicly available exploit code exists, though the high-privilege requirement (PR:H) limits practical impact, and EPSS sits at 2.11% (84th percentile) indicating modest but non-trivial exploitation interest. No public exploit identified as actively used in the wild - not listed in CISA KEV.

SQLi WordPress Ts Poll
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2024-9156 HIGH POC This Week

The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ti Woocommerce Wishlist
NVD WPScan
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45148 HIGH This Week

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-9522 HIGH This Week

The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Users Masquerade
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-47966 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cncsoft G2
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2024-47965 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cncsoft G2
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2024-47964 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cncsoft G2
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2024-47963 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cncsoft G2
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2024-47962 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cncsoft G2
NVD
CVSS 4.0
8.4
EPSS
3.4%
CVE-2024-47871 HIGH PATCH This Week

Gradio is an open-source Python package designed for quick prototyping. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Gradio
NVD GitHub
CVSS 4.0
8.2
EPSS
0.2%
CVE-2024-8977 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Gitlab
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-45116 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe XSS Commerce Commerce B2b +1
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-45117 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Information Disclosure PHP Commerce Commerce B2b +1
NVD
CVSS 3.1
7.6
EPSS
0.9%
CVE-2024-35202 HIGH PATCH This Week

Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-6747 HIGH This Week

Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-9781 HIGH PATCH This Week

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-9581 HIGH This Week

The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Shortcodes Anywhere
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-9180 HIGH PATCH This Week

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hashicorp Openbao Vault
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-9519 HIGH This Week

The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Userplus
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-47870 HIGH PATCH This Week

Gradio is an open-source Python package designed for quick prototyping. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Python Information Disclosure Gradio
NVD GitHub
CVSS 4.0
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy