Skip to main content
CVE-2024-35584 HIGH POC This Week

SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Opensis
NVD GitHub
CVSS 3.1
8.8
EPSS
6.5%
CVE-2024-9961 HIGH POC This Week

Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Memory Corruption Denial Of Service Apple +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-9957 HIGH POC This Week

Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Memory Corruption Denial Of Service Apple +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-41311 HIGH POC PATCH This Week

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libheif Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-48282 HIGH POC This Week

A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-48280 HIGH POC This Week

A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-48279 HIGH POC This Week

A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE User Registration Login And User Management System
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2024-9960 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41344 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Codeigniter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-38139 HIGH PATCH This Week

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Dataverse
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9959 HIGH This Week

Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-9955 HIGH This Week

Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9954 HIGH This Week

Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
6.3%
CVE-2024-21255 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-21254 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-9981 HIGH This Week

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI RCE PHP Ee Class
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9980 HIGH This Week

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ee Class
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9971 HIGH This Week

The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Flowmaster Bpm Plus
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9970 HIGH This Week

The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Flowmaster Bpm Plus
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9968 HIGH This Week

WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webeip
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9687 HIGH This Week

The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp 2Fa With Telegram
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-48915 HIGH This Week

Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-47876 HIGH PATCH This Week

Sakai is a Collaboration and Learning Environment. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Sakai
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-47874 HIGH PATCH This Week

Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-47824 HIGH PATCH This Week

matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-47080 HIGH PATCH This Week

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-38190 HIGH PATCH This Week

Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Power Platform
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2024-9594 HIGH PATCH This Week

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Kubernetes Image Builder
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-21283 HIGH This Week

Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21282 HIGH This Week

Vulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21280 HIGH This Week

Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Service Contracts
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21279 HIGH This Week

Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21278 HIGH This Week

Vulnerability in the Oracle Contract Lifecycle Management for Public Sector product of Oracle E-Business Suite (component: Award Processes). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21277 HIGH This Week

Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21276 HIGH This Week

Vulnerability in the Oracle Work in Process product of Oracle E-Business Suite (component: Messages). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21275 HIGH This Week

Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21271 HIGH This Week

Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Field Service Engineer Portal). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21270 HIGH This Week

Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21269 HIGH This Week

Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Compensation Plan). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21268 HIGH This Week

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21267 HIGH This Week

Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21266 HIGH This Week

Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price List). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21265 HIGH This Week

Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site Hierarchy Flows). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle E Business Suite
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21252 HIGH This Week

Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Product Hub
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21250 HIGH This Week

Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Manager Specification). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Process Manufacturing Product Development
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21214 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-9956 HIGH This Week

Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-45273 HIGH This Week

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mbnet Mini Firmware Myrex24 V2 Virtual Server Rex 300 Firmware Rex 200 Firmware +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45271 HIGH This Week

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Mbnet Mini Firmware Rex 100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0129 HIGH This Week

NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Nvidia Nemo
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy