Skip to main content
CVE-2024-52547 HIGH POC This Week

An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-46624 HIGH This Week

An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-46625 HIGH This Week

An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-51771 HIGH This Week

A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-51114 HIGH This Week

An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-12053 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45106 HIGH PATCH This Week

Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Ozone
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-51772 HIGH This Week

An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-29404 HIGH This Week

An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-10074 HIGH This Week

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47476 HIGH This Week

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Dell Networker Management Console
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-49413 HIGH This Week

Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49410 HIGH This Week

Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50948 HIGH This Week

mochiMQTT v2.6.3 is vulnerable to Denial of Service (DoS) due to improper resource management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-48080 HIGH This Week

An issue in aedes v0.51.2 allows attackers to cause a Denial of Service(DoS) via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41777 HIGH This Week

IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Cognos Controller
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-41775 HIGH This Week

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54000 HIGH PATCH This Week

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Mobile Security Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-11391 HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP File Upload Advanced File Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-42422 HIGH This Week

Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Networker
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-49420 HIGH This Week

Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8748 HIGH This Week

A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Lte3301 Plus Firmware Lte5388 M804 Firmware +61
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-54131 HIGH PATCH This Week

The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD GitHub
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-45757 HIGH This Week

An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-9200 HIGH This Week

A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Command Injection Emg6726 B10a Firmware Vmg3927 B50B Firmware Vmg4005 B50a Firmware +3
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-45068 HIGH This Week

Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy