Skip to main content
CVE-2024-55875 CRITICAL POC PATCH GHSA Act Now

http4k is a functional toolkit for Kotlin HTTP applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF RCE XXE Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-54811 CRITICAL POC Act Now

A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Park Ticketing Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-54810 CRITICAL POC Act Now

A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Pre School Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-55099 CRITICAL POC Act Now

A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Nurse Hiring System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-54842 CRITICAL POC Act Now

A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Nurse Hiring System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54534 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-21574 CRITICAL Act Now

The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-44242 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44241 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Apple Ipados Iphone Os
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44299 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-42448 CRITICAL Act Now

From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.0
9.9
EPSS
20.1%
CVE-2024-47540 CRITICAL PATCH Act Now

An uninitialized stack variable vulnerability in GStreamer's Matroska demuxer leads to function pointer hijacking when processing malformed media files with specific size conditions. The vulnerability affects GStreamer versions prior to 1.24.10 and allows remote attackers to achieve arbitrary code execution without authentication by crafting malicious Matroska/WebM files. With a critical CVSS score of 9.8 and being tagged as RCE, this represents a severe risk for applications using GStreamer for media processing.

RCE Gstreamer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-47606 CRITICAL PATCH Act Now

A critical integer underflow vulnerability in GStreamer's QuickTime demuxer (qtdemux) leads to memory corruption and arbitrary code execution when processing specially crafted media files. The vulnerability affects all GStreamer versions prior to 1.24.10, allowing remote attackers to execute arbitrary code without authentication by providing malicious media content. With a CVSS score of 9.8 and patches available, this represents a severe risk for applications using GStreamer for media processing.

RCE Debian Linux Gstreamer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-47539 CRITICAL PATCH Act Now

An out-of-bounds write vulnerability in GStreamer's isomp4/qtdemux.c allows remote attackers to overwrite up to 3 bytes beyond allocated memory boundaries when processing media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be exploited without authentication over the network, potentially leading to remote code execution. While no active exploitation has been reported (not in KEV), the vulnerability has a critical CVSS score of 9.8 and patches are available.

Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-47537 CRITICAL PATCH Act Now

An integer overflow vulnerability in GStreamer's QuickTime demuxer leads to out-of-bounds memory writes when processing malicious media files with crafted sample count values. The vulnerability affects all GStreamer versions prior to 1.24.10 and allows remote attackers to achieve arbitrary code execution without authentication by serving specially crafted media files. With a critical CVSS score of 9.8 and network-based attack vector, this presents a severe risk for applications using GStreamer for media processing.

Buffer Overflow Gstreamer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-47607 CRITICAL PATCH Act Now

A stack-based buffer overflow vulnerability exists in GStreamer's Opus audio decoder that allows remote attackers to execute arbitrary code by overwriting the instruction pointer (EIP) on the stack. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered when processing specially crafted Opus audio streams with more than 64 channels. While not currently listed in CISA KEV and with no public exploit code identified, the vulnerability has a critical CVSS score of 9.8 due to its remote exploitability without authentication.

Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-47538 CRITICAL PATCH Act Now

A stack buffer overflow vulnerability exists in GStreamer's Vorbis audio decoder that allows remote attackers to execute arbitrary code without authentication. The flaw occurs when processing malicious Vorbis audio files with more than 64 channels, leading to stack memory corruption and potential control over the instruction pointer (EIP). While not currently in CISA's Known Exploited Vulnerabilities catalog, the vulnerability has a critical CVSS score of 9.8 and patches are available.

Buffer Overflow Gstreamer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-47615 CRITICAL PATCH Act Now

A critical out-of-bounds write vulnerability exists in GStreamer's Vorbis parser that allows remote code execution by processing malicious media files. The flaw affects all GStreamer versions prior to 1.24.10 and enables attackers to overwrite up to 380 bytes of memory beyond array boundaries, potentially leading to arbitrary code execution without authentication. The vulnerability has been assigned a maximum CVSS score of 9.8, indicating critical severity with network-based exploitation possible.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-47613 CRITICAL PATCH Act Now

A null pointer dereference vulnerability exists in GStreamer's GdkPixbuf decoder that occurs when processing specially crafted media files, causing the application to crash with a segmentation fault. The vulnerability affects GStreamer versions prior to 1.24.10 and allows remote attackers to trigger a denial of service without authentication or user interaction. While rated CVSS 9.8, this appears to be primarily a DoS vulnerability despite the high confidentiality/integrity scores, with no evidence of active exploitation in the wild or inclusion in CISA's KEV catalog.

Denial Of Service Gstreamer
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-49147 CRITICAL Act Now

Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Microsoft Update Catalog
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-10124 CRITICAL Act Now

The Vayu Blocks - Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE WordPress
NVD
CVSS 3.1
9.8
EPSS
31.2%
CVE-2024-11015 CRITICAL Act Now

The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Google
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-54506 CRITICAL Act Now

An out-of-bounds access issue was addressed with improved bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple RCE macOS
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-54465 CRITICAL Act Now

A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-49112 CRITICAL Act Now

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
9.8
EPSS
70.9%
CVE-2024-11948 CRITICAL Act Now

GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Archiver
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-50339 CRITICAL Act Now

GLPI is a free asset and IT management software package. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 4.0
9.3
EPSS
19.6%
CVE-2024-21575 CRITICAL Act Now

ComfyUI-Impact-Pack is vulnerable to Path Traversal. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 4.0
9.2
EPSS
1.0%
CVE-2024-47600 CRITICAL PATCH Act Now

A buffer overflow vulnerability in GStreamer's media discovery component allows remote attackers to read sensitive stack memory and potentially crash applications. The flaw occurs when processing media files with more than 64 audio channels, causing the format_channel_mask function to read beyond array bounds. With a CVSS score of 9.1 and network-based attack vector requiring no authentication, this represents a critical risk for applications using GStreamer for media processing, though no active exploitation or public proof-of-concept has been reported.

Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47597 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability exists in GStreamer's MP4 demuxer that allows remote attackers to read up to 8 bytes beyond allocated memory boundaries when processing malformed MP4 files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication by serving a malicious MP4 file, potentially exposing sensitive memory contents or causing application crashes. A proof-of-concept file (GHSL-2024-245_crash1.mp4) has been publicly disclosed, and while not currently in CISA's KEV catalog, the vulnerability has a critical CVSS score of 9.1.

Information Disclosure Buffer Overflow Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47834 CRITICAL PATCH Act Now

A use-after-free vulnerability in GStreamer's Matroska demuxer allows remote attackers to cause denial of service or potentially disclose sensitive information by sending specially crafted Matroska media files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered without authentication when processing CodecPrivate elements in Matroska streams. No active exploitation has been reported (not in KEV), and no public proof-of-concept exists, though the network-accessible nature and low complexity make it a credible threat.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47777 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to read 4 bytes of memory beyond buffer boundaries when processing specially crafted WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can lead to information disclosure or application crashes when parsing malicious media files. While no active exploitation has been reported and the vulnerability is not listed in CISA's KEV catalog, the network-based attack vector and lack of authentication requirements make this a significant security concern for applications using GStreamer for media processing.

Information Disclosure Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47776 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to crash applications or potentially leak sensitive memory contents when processing maliciously crafted WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication through network-accessible media processing applications. While no active exploitation has been observed in the wild (not in KEV), the vulnerability has a high CVSS score of 9.1 and detailed technical analysis is publicly available.

Denial Of Service Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47775 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability exists in GStreamer's WAV file parser that allows remote attackers to crash applications or potentially leak sensitive memory contents when processing malformed WAV files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication through network-accessible applications using the library. While no public exploits or KEV listings exist, the high CVSS score of 9.1 reflects the potential for both denial of service and information disclosure impacts.

Denial Of Service Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47598 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability exists in GStreamer's qtdemux component that allows reading 4 bytes beyond allocated memory boundaries when processing media files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be exploited remotely without authentication to potentially expose sensitive information or cause application crashes. With a CVSS score of 9.1 and network-based attack vector, this represents a significant risk for applications using GStreamer for media processing, though no active exploitation or public proof-of-concept has been reported.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-47774 CRITICAL PATCH Act Now

A critical out-of-bounds read vulnerability exists in GStreamer's AVI subtitle parsing functionality, allowing remote attackers to read sensitive memory contents and potentially crash applications. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered when processing maliciously crafted AVI files with subtitle chunks. With a CVSS score of 9.1 and requiring no authentication or user interaction for exploitation, this represents a severe risk for applications using GStreamer for media processing.

Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-55884 CRITICAL Act Now

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable(). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Google RCE Memory Corruption
NVD GitHub
CVSS 3.1
9.0
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy