Skip to main content
CVE-2024-30616 HIGH POC PATCH This Week

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-51329 HIGH POC This Week

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Agile Board
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-51326 HIGH POC This Week

SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Travel Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-48809 HIGH POC This Week

An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Onos A1T Sdran In A Box
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-51127 HIGH POC This Week

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hornetq
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-45164 HIGH POC This Week

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Secure Internet Access Enterprise Threatavert
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-10750 HIGH POC This Week

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Tenda Denial Of Service I22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.8%
CVE-2024-36485 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-48878 HIGH This Week

Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-51626 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
8.5
EPSS
1.1%
CVE-2024-51734 HIGH PATCH This Week

Zope AccessControl provides a general security framework for use in Zope. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-48336 HIGH This Week

The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Java
NVD GitHub
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-20104 HIGH This Week

In da, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-45893 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-45891 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.3%
CVE-2024-45890 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn.`. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-45889 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-45888 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.0%
CVE-2024-45887 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-45885 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.3%
CVE-2024-45884 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.1%
CVE-2024-45882 HIGH This Week

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2024-51253 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doL2TP function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-51251 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the backup function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-51249 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-51246 HIGH This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-51582 HIGH This Week

Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-38424 HIGH PATCH This Week

Memory corruption during GNSS HAL process initialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Snapdragon W5 Gen 1 Wearable Platform Firmware Snapdragon 8 Gen 2 Mobile Platform Firmware +115
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38423 HIGH PATCH This Week

Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Wsa8835 Firmware Wsa8830 Firmware Wsa8815 Firmware Wsa8810 Firmware +199
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38422 HIGH PATCH This Week

Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +259
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38421 HIGH PATCH This Week

Memory corruption while processing GPU commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +74
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38419 HIGH PATCH This Week

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +144
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38415 HIGH PATCH This Week

Memory corruption while handling session errors from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +170
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38410 HIGH PATCH This Week

Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-38409 HIGH PATCH This Week

Memory corruption while station LL statistic handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +21
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33033 HIGH PATCH This Week

Memory corruption while processing IOCTL calls to unmap the buffers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Wsa8845h Firmware Wsa8845 Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-51672 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPDeveloper BetterLinks betterlinks allows SQL Injection.1.7. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.8%
CVE-2024-50528 HIGH This Week

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Retrieve Embedded Sensitive Data.2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-51500 HIGH PATCH This Week

Meshtastic firmware is a device firmware for the Meshtastic project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Meshtastic Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-30619 HIGH PATCH This Week

Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-51560 HIGH This Week

This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aero Wave 2 0
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-51559 HIGH This Week

This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aero Wave 2 0
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-51557 HIGH This Week

This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aero Wave 2 0
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-51556 HIGH This Week

This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API response. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Aero Wave 2 0
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-38407 HIGH PATCH This Week

Memory corruption while processing input parameters for any IOCTL call in the JPEG Encoder driver. Rated high severity (CVSS 7.0).

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +40
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-38406 HIGH PATCH This Week

Memory corruption while handling IOCTL calls in JPEG Encoder driver. Rated high severity (CVSS 7.0).

Buffer Overflow Wsa8845h Firmware Wsa8845 Firmware Wsa8840 Firmware Wsa8835 Firmware +40
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy