Skip to main content
CVE-2024-47881 HIGH POC PATCH This Week

OpenRefine is a free, open source tool for working with messy data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi RCE Openrefine
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-47879 HIGH POC PATCH This Week

OpenRefine is a free, open source tool for working with messy data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection CSRF Python RCE Openrefine
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-45262 HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mt2500 Firmware Axt1800 Firmware Ax1800 Firmware B3000 Firmware +17
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-48208 HIGH POC This Week

pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Pure Ftpd
NVD GitHub
CVSS 3.1
8.6
EPSS
1.5%
CVE-2024-45261 HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mt2500 Firmware Axt1800 Firmware Ax1800 Firmware B3000 Firmware +17
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-45260 HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mt6000 Firmware B1300 Firmware Mt2500 Firmware Axt1800 Firmware +17
NVD GitHub
CVSS 3.1
8.0
EPSS
3.9%
CVE-2024-48423 HIGH POC This Week

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Assimp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49359 HIGH POC This Week

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Zimaos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-49357 HIGH POC THREAT This Week

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zimaos
NVD GitHub
CVSS 3.1
7.5
EPSS
20.6%
CVE-2024-48931 HIGH POC This Week

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Path Traversal Zimaos
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-6049 HIGH POC This Week

The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2024-45263 HIGH This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Mt6000 Firmware Mt3000 Firmware Mt2500 Firmware Axt1800 Firmware +17
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-48427 HIGH This Week

A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Packers And Movers Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-48441 HIGH This Week

Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-48440 HIGH This Week

Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-10313 HIGH This Week

iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2024-48544 HIGH This Week

Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-48547 HIGH This Week

Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-48546 HIGH This Week

Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-48545 HIGH This Week

Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-48542 HIGH This Week

Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-48541 HIGH This Week

Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-10327 HIGH This Week

A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-5608 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-45242 HIGH This Week

EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
34.7%
CVE-2024-49691 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW woo-product-filter allows SQL Injection.7.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-7763 HIGH This Week

In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Whatsup Gold
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-48142 HIGH This Week

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48141 HIGH This Week

A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48140 HIGH This Week

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48139 HIGH This Week

A prompt injection vulnerability in the chatbox of Blackbox AI v1.3.95 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-10295 HIGH This Week

A flaw was found in Gateway. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Scale Api Management
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48454 HIGH This Week

An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Purchase Order Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy