Skip to main content
CVE-2024-35286 CRITICAL POC THREAT Act Now

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Node.js Micollab
NVD
CVSS 3.1
9.8
EPSS
65.6%
CVE-2024-48659 CRITICAL POC Act Now

An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Dcme 320 L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-41713 CRITICAL POC KEV THREAT Act Now

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Node.js Path Traversal Micollab
NVD
CVSS 3.1
9.1
EPSS
98.1%
CVE-2024-49368 HIGH POC THREAT This Week

Nginx UI is a web user interface for the Nginx web server. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nginx Nginx Ui
NVD GitHub
CVSS 4.0
8.9
EPSS
23.5%
CVE-2024-45309 HIGH POC PATCH THREAT This Week

OneDev is a Git server with CI/CD, kanban, and packages. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Onedev
NVD GitHub
CVSS 4.0
8.7
EPSS
24.8%
CVE-2024-48597 HIGH POC This Week

Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Clinic Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-49366 HIGH POC This Week

Nginx UI is a web user interface for the Nginx web server. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nginx Nginx Ui
NVD GitHub
CVSS 4.0
7.7
EPSS
0.6%
CVE-2024-48231 HIGH POC This Week

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Funadmin
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-8625 HIGH POC This Week

The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ts Poll
NVD WPScan
CVSS 3.1
7.2
EPSS
2.3%
CVE-2024-46239 MEDIUM POC This Month

Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /doctor/edit-profile.php and adminremark parameter in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-46238 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the docname parameter in /admin/add-doctor.php and /admin/edit-doctor.php. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-35314 CRITICAL Act Now

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Micollab Mivoice Business Solution Virtual Instance
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-35285 CRITICAL Act Now

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Command Injection Micollab
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-48509 CRITICAL Act Now

Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Learning With Texts
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43689 CRITICAL Act Now

Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Wab I1750 Ps Firmware Wab S1167 Ps Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-40086 CRITICAL Act Now

A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-40085 CRITICAL Act Now

A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-40084 CRITICAL Act Now

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Vilo 5 Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-40083 CRITICAL Act Now

A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.6
EPSS
0.5%
CVE-2024-40087 CRITICAL Act Now

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vilo 5 Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-47223 CRITICAL Act Now

A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Micollab
NVD
CVSS 3.1
9.4
EPSS
0.5%
CVE-2024-48709 MEDIUM POC This Month

CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Membership Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46236 MEDIUM POC This Month

CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Membership Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-40089 CRITICAL Act Now

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Vilo 5 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2024-10196 MEDIUM POC This Month

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-47685 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-10199 MEDIUM POC This Month

A vulnerability was found in code-projects Pharmacy Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pharmacy Management
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-10198 MEDIUM POC This Month

A vulnerability was found in code-projects Pharmacy Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pharmacy Management
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-10197 MEDIUM POC This Month

A vulnerability was found in code-projects Pharmacy Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-41714 HIGH This Week

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Micollab Mivoice Business Solution Virtual Instance
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-43945 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery.9.91. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Latepoint
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-10202 HIGH This Week

Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Administrative Management System
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-10201 HIGH This Week

Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Administrative Management System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-47825 HIGH PATCH This Week

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Cilium
NVD GitHub
CVSS 3.1
8.7
EPSS
0.4%
CVE-2024-48930 HIGH PATCH This Week

secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-47912 HIGH This Week

A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Micollab
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-6519 HIGH This Week

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Qemu
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-49996 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Linux Buffer Overflow Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49960 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49950 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Use After Free Information Disclosure Google +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49966 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end, if. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49991 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49986 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors x86_android_tablet_remove() frees the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Linux Use After Free Denial Of Service Google +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49989 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix double free issue during amdgpu module unload Flexible endpoints use DIGs from available inflexible endpoints,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Amd Linux Debian Linux Linux Kernel
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50055 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() For bus_register(), any error which happens after kset_register(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50007 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50063 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Authentication Bypass Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47718 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-47701 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49882 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy