Skip to main content
CVE-2024-51179 HIGH POC This Week

An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open5gs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-11125 MEDIUM POC This Month

A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Getsimplecms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-11100 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11099 MEDIUM POC This Month

A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-44102 CRITICAL PATCH Act Now

A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Telecontrol Server Basic
NVD
CVSS 4.0
10.0
EPSS
1.0%
CVE-2024-43602 CRITICAL PATCH Act Now

Azure CycleCloud Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass RCE Microsoft Azure Cyclecloud
NVD
CVSS 3.1
9.9
EPSS
2.2%
CVE-2024-50386 CRITICAL Act Now

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Cloudstack
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2024-9836 MEDIUM POC This Month

The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Rss Feed Widget
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-28729 CRITICAL Act Now

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE Dwr 2000M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-26011 CRITICAL Act Now

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortios Fortipam Fortiproxy +3
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43639 CRITICAL PATCH Act Now

Windows KDC Proxy Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2024-43498 CRITICAL PATCH Act Now

.NET and Visual Studio Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Memory Corruption Net Visual Studio 2022
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2024-49369 CRITICAL PATCH Act Now

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Icinga Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-50330 CRITICAL Act Now

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
40.5%
CVE-2024-10245 CRITICAL Act Now

The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-47535 MEDIUM POC PATCH This Month

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Microsoft Netty
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-46890 CRITICAL Act Now

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Sinec Ins
NVD
CVSS 4.0
9.4
EPSS
0.7%
CVE-2024-46888 CRITICAL Act Now

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Sinec Ins
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2024-8074 CRITICAL Act Now

Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.10.2024. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2024-11127 MEDIUM POC This Month

A vulnerability was found in code-projects Job Recruitment up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11123 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Lingdang Crm
NVD VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2024-11122 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Lingdang Crm
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11121 MEDIUM POC This Month

A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lingdang Crm
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11102 MEDIUM POC This Month

A vulnerability was found in SourceCodester Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11096 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Task Manager
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10218 CRITICAL Act Now

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS XXE
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-10217 CRITICAL Act Now

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-10943 CRITICAL Act Now

An authentication bypass vulnerability exists in the affected product. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.1
EPSS
0.5%
CVE-2024-11101 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-43415 CRITICAL PATCH Act Now

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%
CVE-2024-11115 HIGH This Week

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple XSS Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-11113 HIGH This Week

Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-11112 HIGH This Week

Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-2208 HIGH This Week

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36513 HIGH This Week

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Microsoft Forticlient
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-23666 HIGH This Week

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortianalyzer Fortianalyzer Big Data Fortimanager
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2024-49056 HIGH This Week

Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Airlift Microsoft Com
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-49050 HIGH PATCH This Week

Visual Studio Code Python Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-49039 HIGH KEV PATCH THREAT This Week

Windows Task Scheduler Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
8.8
EPSS
13.7%
CVE-2024-49018 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Sql Server 2016 Sql Server 2017 Sql Server 2019
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-49017 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-49016 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Sql Server 2016 Sql Server 2017 +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-49015 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-49014 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Sql Server 2016 Sql Server 2017 Sql Server 2019
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-49013 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-49012 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-49011 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-49010 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-49009 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-49008 HIGH PATCH This Week

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy