Skip to main content
CVE-2024-10478 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms up to 2.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pb Cms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-10477 MEDIUM POC This Month

A vulnerability classified as problematic was found in LinZhaoguan pb-cms up to 2.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pb Cms
NVD VulDB
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-9990 HIGH This Week

The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Crypto Tool
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-50481 HIGH This Week

Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-10488 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-50466 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite - Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Darkmysite
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-7985 HIGH PATCH This Week

The FileOrganizer - Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Fileorganizer
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2024-10467 HIGH This Week

Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-10436 HIGH This Week

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress RCE LFI Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22065 HIGH This Week

There is a command injection vulnerability in ZTE MF258 Pro product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mf258k Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-8924 HIGH This Week

ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Servicenow
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-50550 HIGH This Week

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.5.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-8143 MEDIUM POC PATCH This Month

In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Chuanhuchatgpt
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-48955 HIGH This Week

Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus, the return of this call is not encrypted and as the system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-9997 HIGH This Week

A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-9996 HIGH This Week

A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-9827 HIGH This Week

A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Advance Steel +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-9826 HIGH This Week

A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Autocad +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-9489 HIGH This Week

A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8896 HIGH This Week

A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Autocad Autocad Advance Steel Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8600 HIGH This Week

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Advance Steel +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8599 HIGH This Week

A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Advance Steel +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8598 HIGH This Week

A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Advance Steel +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8597 HIGH This Week

A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Advance Steel +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8596 HIGH This Week

A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Advance Steel +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8595 HIGH This Week

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Autocad +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8594 HIGH This Week

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Autocad +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8593 HIGH This Week

A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Advance Steel +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8592 HIGH This Week

A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Advance Steel +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8591 HIGH This Week

A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Autocad +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8590 HIGH This Week

A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Autocad +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8589 HIGH This Week

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Advance Steel +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8588 HIGH This Week

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Advance Steel +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7992 HIGH This Week

A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Stack Overflow RCE Autocad +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7991 HIGH This Week

A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8587 HIGH This Week

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Advance Steel +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50088 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct when it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50074 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50073 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure VMware Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-50071 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func() 'new_map' is allocated using devm_* which takes care of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44080 HIGH This Week

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jitsi Meet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-49769 HIGH PATCH This Week

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Waitress
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-10466 HIGH This Week

By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-10459 HIGH This Week

An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-10458 HIGH This Week

A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-47401 HIGH PATCH This Week

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-50083 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4:. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-47640 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs WP ERP erp allows Reflected XSS.13.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.6%
CVE-2024-41153 HIGH This Week

Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tro610 Firmware Tro620 Firmware Tro670 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2024-49678 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jinwen js paper js-paper allows Reflected XSS.5.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.4%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy