Skip to main content
CVE-2024-48311 HIGH POC This Week

Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Piwigo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-39720 HIGH POC PATCH This Week

An issue was discovered in Ollama before 0.1.46. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ollama
NVD GitHub
CVSS 3.1
8.2
EPSS
2.5%
CVE-2024-51066 HIGH POC This Week

An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Beauty Parlour Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48360 HIGH POC This Week

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Qualitor
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2024-39722 HIGH POC This Week

An issue was discovered in Ollama before 0.1.46. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ollama
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2024-39721 HIGH POC This Week

An issue was discovered in Ollama before 0.1.34. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ollama
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-39719 HIGH POC This Week

An issue was discovered in Ollama through 0.3.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ollama
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2024-51254 HIGH This Week

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43984 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.1.13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Podlove Podcast Publisher
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-21537 HIGH PATCH This Week

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-48200 HIGH This Week

An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-43383 HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Apache Authentication Bypass Lucene Net
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-8185 HIGH PATCH This Week

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Vault Openbao
NVD
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy