Skip to main content
CVE-2024-38365 HIGH PATCH This Week

btcd is an alternative full node bitcoin implementation written in Go (golang). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Btcd
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-9046 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Starstudio
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4132 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Lock Screen
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4131 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Emulator
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4130 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo App Store
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4089 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo Superfile
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33582 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33581 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33580 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33579 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33578 HIGH This Week

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-9002 HIGH This Week

access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-45316 HIGH This Week

The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sonicwall Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-42018 HIGH This Week

An issue was discovered in Atos Eviden SMC xScale before 1.6.6. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-47490 HIGH This Week

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.7
EPSS
0.6%
CVE-2024-48788 HIGH This Week

An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-48768 HIGH This Week

An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48777 HIGH This Week

LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48776 HIGH This Week

An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48775 HIGH This Week

An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48773 HIGH This Week

An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48774 HIGH This Week

An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48771 HIGH This Week

An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48938 HIGH This Week

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Znuny
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-44734 HIGH This Week

Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-44729 HIGH This Week

Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45403 HIGH PATCH This Week

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service H2O
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45397 HIGH PATCH This Week

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass H2O
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45396 HIGH PATCH This Week

Quicly is an IETF QUIC protocol implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Quicly
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45317 HIGH This Week

A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45754 HIGH This Week

An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-35517 HIGH This Week

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Netgear Xr1000 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
14.1%
CVE-2024-8376 HIGH PATCH This Week

In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE",. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mosquitto
NVD GitHub
CVSS 4.0
7.2
EPSS
0.7%
CVE-2024-8531 HIGH This Week

compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-47509 HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47508 HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47505 HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47503 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-47498 HIGH This Week

An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-47493 HIGH This Week

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-39526 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C lines cards,. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47877 MEDIUM PATCH This Month

Extract is aA Go library to extract archives in zip, tar.gz or tar.bz2 formats. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Extract
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-47507 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Junos Os Evolved
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-47489 MEDIUM This Month

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-39563 MEDIUM This Month

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Juniper Junos Space
NVD
CVSS 4.0
6.9
EPSS
1.3%
CVE-2024-47501 MEDIUM This Month

A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Juniper Denial Of Service Junos
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-47496 MEDIUM This Month

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Juniper Denial Of Service Junos
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-39527 MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-48041 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary enhanced-tooltipglossary allows Stored XSS.3.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-9586 MEDIUM This Month

The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Linkz Ai
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy