Skip to main content
CVE-2024-46535 CRITICAL POC Act Now

Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jepaas
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-48257 CRITICAL POC PATCH Act Now

Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Wavelog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-48251 CRITICAL POC PATCH Act Now

Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Wavelog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48259 HIGH POC This Week

Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cloudlog
NVD GitHub
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-48249 HIGH POC PATCH This Week

Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Wavelog
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-48823 CRITICAL Act Now

Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48168 CRITICAL Act Now

A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE D-Link Dcs 960L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-48153 CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48150 CRITICAL Act Now

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48255 CRITICAL Act Now

Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Cloudlog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-48253 CRITICAL Act Now

Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Cloudlog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-9924 CRITICAL Act Now

The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-9921 CRITICAL Act Now

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Team Pro
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-46988 MEDIUM POC This Month

Tuleap is a tool for end to end traceability of application and system developments. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-48120 MEDIUM POC This Month

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS X2Crm
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-48119 MEDIUM POC This Month

Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vtiger Crm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6763 MEDIUM POC PATCH This Month

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Open Redirect Jetty
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-50780 HIGH PATCH This Week

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Authentication Bypass Artemis
NVD VulDB
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-47766 MEDIUM POC PATCH This Month

Tuleap is a tool for end to end traceability of application and system developments. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-48822 HIGH This Week

Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-46980 MEDIUM POC PATCH This Month

Tuleap is a tool for end to end traceability of application and system developments. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tuleap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-45733 HIGH This Week

In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Splunk Microsoft
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-7847 HIGH This Week

VULNERABILITY DETAILS Rockwell Automation used the latest versions of the CVSS scoring system to assess the following vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is no authentication required. No vendor patch available.

RCE Rockwell Rslogix 5 Rslogix 500 Rslogix Micro Developer +1
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2024-9137 HIGH This Week

The affected product lacks an authentication check when sending commands to the server via the Moxa service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2024-6207 HIGH This Week

CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Controllogix 5580 Firmware Controllogix 5580 Process Firmware Guardlogix 5580 Firmware Compactlogix 5380 Firmware +4
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-9139 HIGH This Week

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 4.0
8.6
EPSS
1.4%
CVE-2024-47767 MEDIUM POC PATCH This Month

Tuleap is a tool for end to end traceability of application and system developments. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-46528 MEDIUM POC PATCH This Month

An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
4.3
EPSS
1.6%
CVE-2024-45731 HIGH This Week

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Information Disclosure Microsoft
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-43701 HIGH This Week

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-48824 HIGH This Week

An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48792 HIGH This Week

An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48791 HIGH This Week

An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48789 HIGH This Week

An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47831 HIGH PATCH This Week

Next.js is a React Framework for the Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-48799 HIGH This Week

An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48798 HIGH This Week

An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48797 HIGH This Week

An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48796 HIGH This Week

An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-9823 HIGH PATCH This Week

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Bootstrap Os Active Iq Unified Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-9922 HIGH This Week

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Team Pro
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-35520 MEDIUM This Month

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R7000 Firmware
NVD
CVSS 3.1
6.8
EPSS
9.1%
CVE-2024-35519 MEDIUM This Month

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex3700 Firmware Ex6100 Firmware Ex6120 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-35518 MEDIUM This Month

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex6120 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-41997 MEDIUM This Month

An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Docker
NVD GitHub
CVSS 3.1
6.6
EPSS
1.2%
CVE-2024-45736 MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-45732 MEDIUM This Month

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Splunk Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-8184 MEDIUM PATCH This Month

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Jetty
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-6762 MEDIUM PATCH This Month

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Jetty
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-9936 MEDIUM This Month

When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy