Skip to main content
CVE-2024-48948 MEDIUM POC PATCH This Month

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-9981 HIGH This Week

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI RCE PHP Ee Class
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9980 HIGH This Week

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ee Class
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9971 HIGH This Week

The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Flowmaster Bpm Plus
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9970 HIGH This Week

The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Flowmaster Bpm Plus
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9968 HIGH This Week

WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webeip
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9687 HIGH This Week

The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp 2Fa With Telegram
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-48915 HIGH This Week

Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-47876 HIGH PATCH This Week

Sakai is a Collaboration and Learning Environment. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Sakai
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-47874 HIGH PATCH This Week

Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-47824 HIGH PATCH This Week

matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-47080 HIGH PATCH This Week

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-38190 HIGH PATCH This Week

Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Power Platform
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2024-9594 HIGH PATCH This Week

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Kubernetes Image Builder
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-21283 HIGH This Week

Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21282 HIGH This Week

Vulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21280 HIGH This Week

Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Service Contracts
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21279 HIGH This Week

Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21278 HIGH This Week

Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21277 HIGH This Week

Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21276 HIGH This Week

Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Messages). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21275 HIGH This Week

Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21271 HIGH This Week

Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Field Service Engineer Portal). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21270 HIGH This Week

Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21269 HIGH This Week

Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Compensation Plan). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21268 HIGH This Week

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21267 HIGH This Week

Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21266 HIGH This Week

Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price List). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21265 HIGH This Week

Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site Hierarchy Flows). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21252 HIGH This Week

Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Product Hub
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21250 HIGH This Week

Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Manager Specification). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Process Manufacturing Product Development
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21214 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-9956 HIGH This Week

Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-45273 HIGH This Week

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mbnet Mini Firmware Myrex24 V2 Virtual Server Rex 300 Firmware Rex 200 Firmware +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45271 HIGH This Week

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Mbnet Mini Firmware Rex 100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0129 HIGH This Week

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Nvidia Nemo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21195 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Oracle Bi Publisher
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-21191 HIGH This Week

Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Fusion Middleware
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-44775 HIGH This Week

kmqtt v0.2.7 is vulnerable to Denial of Service (DoS) due to a Null Pointer Exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Request Smuggling Kmqtt
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-45085 HIGH This Week

IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-48783 HIGH This Week

An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Nbr3000D E Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-21274 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-21272 HIGH PATCH This Week

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Python Oracle MySQL
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21260 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-21259 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-21246 HIGH This Week

Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Service Bus
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-21234 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-21215 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Fusion Middleware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-21190 HIGH This Week

Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Fusion Middleware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-5749 HIGH This Week

Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass HP F9A29A Firmware F9A29B Firmware F9A29C Firmware +12
NVD
CVSS 3.1
7.5
EPSS
1.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy