Skip to main content
CVE-2024-53507 CRITICAL POC Act Now

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Siyuan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-53506 CRITICAL POC Act Now

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Siyuan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-53505 CRITICAL POC Act Now

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Siyuan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-53504 CRITICAL POC Act Now

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Siyuan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-11482 CRITICAL POC Act Now

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-49360 HIGH POC This Week

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Sandboxie
NVD GitHub
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-53861 HIGH POC PATCH This Week

pyjwt is a JSON Web Token implementation in Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Pyjwt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-53980 MEDIUM POC PATCH This Month

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Riot
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-36622 CRITICAL PATCH Act Now

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection PHP Command Injection RCE Raspap Webgui
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-49806 CRITICAL Act Now

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Verify Access
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-49805 CRITICAL Act Now

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Verify Access
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-52782 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52781 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52780 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52779 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52778 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52777 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48406 CRITICAL Act Now

Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-36671 CRITICAL Act Now

nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-50357 CRITICAL Act Now

FutureNet NXR series routers provided by Century Systems Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2024-11979 CRITICAL Act Now

DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-10980 MEDIUM POC This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Element Pack
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-11995 MEDIUM POC This Month

A vulnerability has been found in code-projects Farmacia 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Farmacia
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-35366 CRITICAL PATCH Act Now

FFmpeg n6.1.1 is Integer Overflow. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Ffmpeg
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-11992 CRITICAL Act Now

Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-49803 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Verify Access
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10704 MEDIUM POC This Month

The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-35451 MEDIUM POC This Month

LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Linkstack
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-54124 HIGH This Week

In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-11980 HIGH This Week

Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-53979 HIGH This Week

ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-53865 HIGH PATCH This Week

zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Python Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-11481 HIGH This Week

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Enterprise Security Manager
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-36623 HIGH PATCH This Week

moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Race Condition Denial Of Service Moby
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-49804 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Security Verify Access
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-53623 HIGH This Week

Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-36612 HIGH PATCH This Week

Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Zulip Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-35371 HIGH PATCH This Week

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-36611 HIGH This Week

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-11981 HIGH This Week

Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-11978 HIGH This Week

DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-11983 HIGH This Week

Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-11982 HIGH This Week

Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-11013 HIGH This Week

Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-53848 HIGH PATCH This Week

check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-52810 MEDIUM PATCH This Month

@intlify/shared is a shared library for the intlify project. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Node.js Denial Of Service
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-36616 MEDIUM PATCH This Month

An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-36621 MEDIUM PATCH This Month

moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Race Condition Information Disclosure Moby
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-36620 MEDIUM PATCH This Month

moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Moby
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-52003 MEDIUM PATCH This Month

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Traefik
NVD GitHub
CVSS 4.0
6.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy