Skip to main content
CVE-2024-12107 HIGH POC This Week

Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ud3Tn
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48453 CRITICAL Act Now

An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-40744 CRITICAL Act Now

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Convert Forms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54154 CRITICAL Act Now

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Youtrack
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52676 MEDIUM POC This Month

Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Discussion Forum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10576 CRITICAL Act Now

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2024-12183 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12182 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12181 MEDIUM POC This Month

A vulnerability classified as problematic was found in DedeCMS 5.7.116. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12180 MEDIUM POC This Month

A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12138 MEDIUM POC This Month

A vulnerability classified as critical was found in horilla up to 1.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Horilla
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10587 HIGH This Week

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-39219 HIGH This Week

An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-39163 HIGH This Week

binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-11643 HIGH This Week

The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-51465 HIGH This Week

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection App Connect Enterprise Certified Container
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-42456 HIGH This Week

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Veeam Backup Replication
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-42452 HIGH This Week

A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Veeam Backup Replication
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-40717 HIGH This Week

A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Veeam Backup Replication
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-53982 HIGH This Week

ZOO-Project is a C-based WPS (Web Processing Service) implementation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-9404 HIGH This Week

This vulnerability could lead to denial-of-service or service crashes. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-54134 HIGH PATCH MAL This Week

A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.3
EPSS
0.4%
CVE-2024-52275 HIGH This Week

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.03.06.50. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac6 Firmware
NVD
CVSS 4.0
8.3
EPSS
0.6%
CVE-2024-52274 HIGH This Week

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.03.06.50. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac6 Firmware
NVD
CVSS 4.0
8.3
EPSS
0.4%
CVE-2024-52273 HIGH This Week

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.03.06.50. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac6 Firmware
NVD
CVSS 4.0
8.3
EPSS
0.4%
CVE-2024-52272 HIGH This Week

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.03.06.50. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac6 Firmware
NVD
CVSS 4.0
8.3
EPSS
0.4%
CVE-2024-37574 HIGH This Week

The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-52269 HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.3%
CVE-2024-52277 HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
CVSS 4.0
8.2
EPSS
0.2%
CVE-2024-52276 HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-12149 HIGH This Week

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Remote Desktop Manager
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-8894 HIGH This Week

Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption
NVD
CVSS 4.0
8.1
EPSS
0.2%
CVE-2024-11293 HIGH This Week

The Registration Forms - User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-11398 HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Router Manager
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-42455 HIGH This Week

A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Deserialization Veeam Backup Replication
NVD
CVSS 3.1
8.1
EPSS
15.1%
CVE-2024-42453 HIGH This Week

A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Veeam Backup Replication
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-53139 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available() A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Debian Information Disclosure Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-53133 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-53126 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-10952 HIGH This Week

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection WordPress
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2024-50947 HIGH This Week

An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Kmqtt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-37575 HIGH This Week

The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-11952 HIGH This Week

The Classic Addons - WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP WordPress Microsoft RCE +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-10567 HIGH This Week

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-12147 HIGH This Week

A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.8%
CVE-2024-45205 HIGH This Week

An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Ubiquiti
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2024-42449 HIGH This Week

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
7.1
EPSS
5.8%
CVE-2024-45207 HIGH This Week

DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Microsoft Veeam Agent For Windows
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2024-53614 MEDIUM This Month

A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-12196 MEDIUM This Month

Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy