Skip to main content
CVE-2024-11745 HIGH POC This Week

A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac8 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-32965 HIGH POC PATCH THREAT This Week

Lobe Chat is an open-source, AI chat framework. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
CVSS 3.1
8.6
EPSS
23.7%
CVE-2024-33605 HIGH POC This Week

Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
6.2%
CVE-2024-8114 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-53555 HIGH This Week

A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-36463 HIGH This Week

The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10729 HIGH This Week

The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_google_calendar_data' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-52899 HIGH This Week

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE Data Virtualization Manager For Z Os
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-11700 HIGH This Week

Malicious websites may have been able to perform user intent confirmation through tapjacking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-53843 HIGH PATCH This Week

@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-52336 HIGH This Week

A script injection vulnerability was identified in the Tuned package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38831 HIGH This Week

VMware Aria Operations contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38830 HIGH This Week

VMware Aria Operations contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49053 HIGH This Week

Microsoft Dynamics 365 Sales Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Dynamics 365 Sales
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2024-53675 HIGH This Week

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Insight Remote Support
NVD
CVSS 3.1
7.5
EPSS
83.9%
CVE-2024-53674 HIGH This Week

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Insight Remote Support
NVD
CVSS 3.1
7.5
EPSS
47.4%
CVE-2024-11622 HIGH This Week

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Insight Remote Support
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-8237 HIGH This Week

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8177 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-11828 HIGH This Week

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-11669 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-11702 HIGH This Week

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-51569 HIGH PATCH This Week

Out-of-bounds Read vulnerability in Apache NimBLE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Apache Information Disclosure Nimble
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-47257 HIGH This Week

Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-36254 HIGH This Week

Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-36251 HIGH This Week

The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2024-10781 HIGH PATCH This Week

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE WordPress Spam Protection Antispam Firewall
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2024-10570 HIGH This Week

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-10542 HIGH PATCH This Week

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass RCE WordPress Anti Spam
NVD
CVSS 3.1
7.5
EPSS
15.2%
CVE-2024-8676 HIGH PATCH This Week

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Checkpoint
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2024-36249 HIGH This Week

Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-9461 HIGH This Week

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Command Injection Total Upkeep
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50369 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50368 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50367 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50366 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50365 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50364 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50363 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50362 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50361 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-50360 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50359 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-50358 HIGH This Week

A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Eki 6333Ac 1Gpo Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 2G Firmware
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-9504 HIGH This Week

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS File Upload
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-49597 HIGH This Week

Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Wyse Management Suite
NVD
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy