Skip to main content
CVE-2024-31029 HIGH POC This Week

An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Freecoap
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-48605 HIGH POC This Week

An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Helakuru
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-48570 HIGH POC This Week

Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Client Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48657 HIGH POC This Week

SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Hospital Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-45518 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XSS Command Injection Collaboration
NVD
CVSS 3.1
8.8
EPSS
20.3%
CVE-2024-38002 HIGH PATCH This Week

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-26273 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-26272 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-26271 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-10002 HIGH PATCH This Week

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Rover Idx
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-47819 HIGH PATCH This Week

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Umbraco Cms
NVD GitHub
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-43812 HIGH This Week

Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2024-9987 HIGH This Week

A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality.3. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pandora Fms
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-35308 HIGH This Week

A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature.3. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Pandora Fms
NVD
CVSS 4.0
8.3
EPSS
0.6%
CVE-2024-46482 HIGH This Week

An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS File Upload
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-9050 HIGH This Week

A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Code Injection
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-7587 HIGH This Week

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Genesis64 Mc Works64
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-48903 HIGH This Week

An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deep Security Agent
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-45334 HIGH This Week

Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Antivirus One
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-41183 HIGH This Week

Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Vpn
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-9677 HIGH This Week

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Uos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-42643 HIGH This Week

Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39753 HIGH This Week

An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SQLi RCE Trend Micro Apex One
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-10234 HIGH This Week

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Build Of Keycloak Jboss Enterprise Application Platform
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-9627 HIGH This Week

The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Teplobot
NVD
CVSS 3.1
7.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy