Skip to main content
CVE-2024-53472 HIGH POC This Week

WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wegia
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-30962 HIGH POC This Week

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Robot Operating System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30961 HIGH POC This Week

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Robot Operating System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-51554 HIGH This Week

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2024-51544 HIGH This Week

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
13.5%
CVE-2024-51543 HIGH This Week

Information Disclosure vulnerabilities allow access to application configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-51542 HIGH This Week

Configuration Download vulnerabilities allow access to dependency configuration information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Path Traversal Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware +17
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-51541 HIGH This Week

Local File Inclusion vulnerabilities allow access to sensitive system information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI Abb PHP Information Disclosure Aspect Ent 12 Firmware +18
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-48847 HIGH This Week

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-11429 HIGH This Week

The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews - Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress RCE LFI Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-11148 HIGH PATCH This Week

In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Openbsd
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-6784 HIGH This Week

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-6515 HIGH This Week

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-51548 HIGH This Week

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb File Upload Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-51546 HIGH POC This Week

Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
1.5%
CVE-2024-11316 HIGH This Week

Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-12130 HIGH This Week

An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rockwell RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-11158 HIGH This Week

An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Arena
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-11156 HIGH This Week

An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-11155 HIGH This Week

A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Use After Free Memory Corruption RCE Denial Of Service +1
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-54126 HIGH This Week

This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Jwt Attack Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-53589 HIGH This Week

GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-52271 HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
CVSS 4.0
8.2
EPSS
0.2%
CVE-2024-52270 HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 4.0
8.2
EPSS
0.2%
CVE-2024-53703 HIGH This Week

A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Sonicwall RCE Apache +5
NVD
CVSS 3.1
8.1
EPSS
12.7%
CVE-2024-45318 HIGH This Week

A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Sonicwall RCE Sma 200 Firmware +4
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-30964 HIGH This Week

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-30963 HIGH This Week

Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Buffer Overflow
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-52798 HIGH PATCH This Week

path-to-regexp turns path strings into a regular expressions. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 4.0
7.7
EPSS
0.8%
CVE-2024-48843 HIGH This Week

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
7.6
EPSS
0.3%
CVE-2024-38910 HIGH This Week

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-53523 HIGH This Week

JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-53490 HIGH This Week

Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-53857 HIGH PATCH This Week

rPGP is a pure Rust implementation of OpenPGP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-53856 HIGH PATCH This Week

rPGP is a pure Rust implementation of OpenPGP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-11941 HIGH PATCH This Week

A vulnerability in Drupal Core allows Excessive Allocation.2.0 before 10.2.2, from 10.1.0 before 10.1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Drupal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-40763 HIGH This Week

Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Heap Overflow Buffer Overflow RCE Sonicwall Sma 200 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-52564 HIGH This Week

Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-37862 HIGH This Week

Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Buffer Overflow
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-37860 HIGH This Week

Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Buffer Overflow
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-48844 HIGH POC This Week

Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.

Abb Denial Of Service Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD Exploit-DB
CVSS 4.0
7.2
EPSS
0.9%
CVE-2024-47133 HIGH This Week

UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2024-48846 HIGH POC This Week

Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb CSRF Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy