Skip to main content
CVE-2024-51021 HIGH This Week

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware R7000P Firmware R6400V2 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-51010 HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-51009 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-51008 HIGH This Week

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-51005 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-50993 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-50131 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-50127 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch /. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Information Disclosure Use After Free Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-50121 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 >. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Information Disclosure Use After Free Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-7995 HIGH This Week

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Vred
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50130 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0 Read. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50129 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: pse-pd: Fix out of bound for loop Adjust the loop limit to prevent out-of-bounds access when iterating over PI structures. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50126 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50125 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50124 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50114 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50112 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases Linear Address Masking (LAM) has a weakness related to transient execution as. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Intel Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49522 HIGH This Week

Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-47255 HIGH This Week

In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Access Commander
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-47797 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47404 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47137 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-9579 HIGH This Week

A potential vulnerability was discovered in certain Poly video conferencing devices. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Command Injection Poly Tc8 Firmware Poly Tc10 Firmware Poly Studio G7500 Firmware Poly Studio X30 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-51523 HIGH This Week

Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-51518 HIGH This Week

Vulnerability of message types not being verified in the advanced messaging modul Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-10263 HIGH PATCH This Week

The Tickera - WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE Tickera
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-47463 HIGH This Week

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-47462 HIGH This Week

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-47461 HIGH This Week

An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-49774 HIGH This Week

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP Suitecrm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-47254 HIGH This Week

In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Access Commander
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-47253 HIGH This Week

In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Access Commander
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-50128 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to a global. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qualcomm Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-50123 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-50115 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-50106 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Apple +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-47464 MEDIUM This Month

An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-51493 MEDIUM PATCH This Month

OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octoprint
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-49773 MEDIUM This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-51362 MEDIUM This Month

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-10340 MEDIUM This Month

The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-49377 MEDIUM PATCH This Month

OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Octoprint
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-9667 MEDIUM PATCH This Month

The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Seriously Simple Podcasting
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31448 MEDIUM This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-51498 MEDIUM This Month

cobalt is a media downloader that doesn't piss you off. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
6.0
EPSS
0.5%
CVE-2024-52030 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52029 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52028 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52026 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52025 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy