Skip to main content
CVE-2024-10081 CRITICAL POC PATCH THREAT Act Now

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Codechecker
NVD GitHub
CVSS 3.1
10.0
EPSS
39.0%
CVE-2024-10915 CRITICAL POC THREAT Act Now

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320 Firmware Dns 320Lw Firmware Dns 325 Firmware +1
NVD VulDB
CVSS 4.0
9.2
EPSS
79.1%
CVE-2024-10914 CRITICAL POC THREAT Act Now

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320 Firmware Dns 320Lw Firmware Dns 325 Firmware +1
NVD VulDB
CVSS 4.0
9.2
EPSS
97.4%
CVE-2024-48325 HIGH POC This Week

Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi I Educar
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-9307 CRITICAL Act Now

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress RCE Mfolio
NVD
CVSS 3.1
9.9
EPSS
7.8%
CVE-2024-50340 HIGH POC PATCH THREAT This Week

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
7.3
EPSS
63.4%
CVE-2024-10916 MEDIUM POC This Month

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dns 320 Firmware Dns 320Lw Firmware Dns 325 Firmware +1
NVD VulDB
CVSS 4.0
6.9
EPSS
1.5%
CVE-2024-51409 MEDIUM POC This Month

Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Denial Of Service O3 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-51751 MEDIUM POC PATCH This Month

Gradio is an open-source Python package designed to enable quick builds of a demo or web application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Python Gradio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-9934 MEDIUM POC This Month

The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Imagezoom
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20418 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection
NVD
CVSS 3.1
10.0
EPSS
3.1%
CVE-2024-51736 CRITICAL PATCH Act Now

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Microsoft Symfony
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-8615 CRITICAL Act Now

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload Jobsearch Wp Job Board
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-50637 MEDIUM POC PATCH This Month

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Unopim
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-10928 MEDIUM POC This Month

A vulnerability was found in MonoCMS up to 20240528. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Monocms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10927 MEDIUM POC This Month

A vulnerability was found in MonoCMS up to 20240528. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Monocms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-51757 CRITICAL PATCH Act Now

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-10919 MEDIUM POC This Month

A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Super Jacoco
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.9%
CVE-2024-10082 CRITICAL PATCH Act Now

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Codechecker
NVD GitHub
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-20536 HIGH This Week

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10826 HIGH This Week

Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8614 HIGH This Week

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Jobsearch Wp Job Board
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7879 MEDIUM POC This Month

The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Ulike
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-9946 HIGH PATCH This Week

The Social Share, Social Login and Social Comments Plugin - Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass WordPress Super Socializer
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-10020 HIGH PATCH This Week

The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass WordPress Social Login
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-34678 HIGH This Week

Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20484 HIGH This Week

A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Enterprise Chat And Email
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-6861 HIGH This Week

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-10028 HIGH PATCH This Week

The Everest Backup - WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Everest Backup
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-34676 HIGH This Week

Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-20528 HIGH This Week

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Cisco Identity Services Engine
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-49401 HIGH This Week

Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-34679 HIGH This Week

Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-52043 MEDIUM This Month

Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Humhub
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-49409 MEDIUM This Month

Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Galaxy S24 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-49408 MEDIUM This Month

Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Galaxy S24 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-34681 MEDIUM This Month

Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-10941 MEDIUM This Month

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-51988 MEDIUM This Month

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Grafana
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20537 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-20531 MEDIUM This Month

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Cisco XXE Identity Services Engine
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20507 MEDIUM This Month

A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Meeting Management
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20457 MEDIUM This Month

A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-10920 LOW POC Monitor

A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Java Information Disclosure Travels Java Api
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.4%
CVE-2024-9902 MEDIUM PATCH This Month

A flaw was found in Ansible. Rated medium severity (CVSS 6.3). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-50345 MEDIUM PATCH This Month

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Open Redirect Symfony
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-20538 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20530 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20525 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20511 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Unified Communications Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy