Skip to main content
CVE-2024-49370 HIGH POC This Week

Pimcore is an open source data and experience management platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pimcore
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-49675 HIGH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii iBryl Switch User ibryl-switch-user allows Authentication Bypass.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-40431 HIGH This Week

A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-10283 HIGH This Week

A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Rx9 Pro Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-10282 HIGH This Week

A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Rx9 Pro Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-10281 HIGH This Week

A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Rx9 Pro Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-20495 HIGH This Week

A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20494 HIGH This Week

A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20426 HIGH This Week

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Denial Of Service Microsoft Adaptive Security Appliance Software +1
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20402 HIGH This Week

A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20342 HIGH This Week

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Snort Firepower Threat Defense Software
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20260 HIGH This Week

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-47904 HIGH This Week

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intermesh 7177 Hybrid 2 0 Subscriber Intermesh 7707 Fire Subscriber Firmware
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-20412 HIGH This Week

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-49690 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-49701 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Mags mags.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-49657 HIGH This Week

Missing Authorization vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Exploiting Incorrectly Configured Access Control Security Levels.0.3. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.7
EPSS
0.2%
CVE-2024-20408 HIGH This Week

A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-20268 HIGH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.7
EPSS
0.6%
CVE-2024-48964 HIGH PATCH This Week

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Snyk Cli
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-48963 HIGH PATCH This Week

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Snyk Cli
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-20351 HIGH This Week

A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20339 HIGH This Week

A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Denial Of Service Firepower Threat Defense Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20330 HIGH This Week

A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-49684 HIGH This Week

Deserialization of Untrusted Data vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Object Injection.22.21. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-20374 HIGH This Week

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Secure Firewall Management Center
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-9927 HIGH This Week

The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Woocommerce Order Proposal
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-10280 HIGH This Week

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Tenda Denial Of Service Ac15 Firmware Ac7 Firmware +8
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.8%
CVE-2024-50066 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and the. Rated high severity (CVSS 7.0).

Privilege Escalation Race Condition Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy