Skip to main content
CVE-2024-7025 HIGH POC This Week

Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-53603 HIGH POC This Week

A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Covid19 Testing Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-5921 HIGH POC This Week

An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Paloalto Information Disclosure Globalprotect
NVD GitHub
CVSS 4.0
7.1
EPSS
1.5%
CVE-2024-36467 HIGH This Week

An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zabbix
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-53860 HIGH PATCH This Week

sp-php-email-handler is a PHP package for handling contact form submissions. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-36468 HIGH This Week

The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Zabbix
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-52323 HIGH This Week

Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-54003 HIGH PATCH This Week

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Simple Queue
NVD
CVSS 3.1
8.0
EPSS
79.7%
CVE-2024-31976 HIGH This Week

EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ews356 Fir Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52951 HIGH This Week

Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD
CVSS 3.1
8.0
EPSS
1.1%
CVE-2024-53920 HIGH This Week

In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Emacs
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-53859 HIGH PATCH This Week

go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Gh
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47181 HIGH PATCH This Week

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Contiki Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-11219 HIGH This Week

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Otter Blocks
NVD
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy