Skip to main content
CVE-2024-55879 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-55877 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-55662 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-11274 HIGH POC This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Open Redirect Kubernetes
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-49138 HIGH POC KEV PATCH THREAT This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
25.4%
CVE-2024-47541 HIGH POC PATCH This Week

An out-of-bounds write vulnerability exists in GStreamer's SSA subtitle parser (gstssaparse.c) that occurs when malformed SubStation Alpha style override codes contain a closing curly bracket before an opening bracket. This triggers progressively larger memory writes via memmove(), leading to memory corruption and denial of service. A public proof-of-concept exploit is available from GitHub Security Lab (GHSL-2024-228), though the EPSS score remains relatively low at 0.09% (25th percentile), indicating limited observed exploitation activity in the wild.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47542 HIGH POC PATCH This Week

A null pointer dereference vulnerability exists in the GStreamer multimedia framework's ID3v2 tag parsing functionality, specifically in the id3v2_read_synch_uint function. The vulnerability allows remote attackers to cause a Denial of Service (DoS) through a segmentation fault without requiring authentication or user interaction. A public proof-of-concept exploit is available from GitHub Security Lab (GHSL-2024-235), though EPSS scoring indicates only a 0.08% probability of active exploitation in the wild (23rd percentile).

Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-8233 HIGH POC This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-10499 HIGH POC This Week

The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ai Engine
NVD WPScan
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-54498 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
8.8
EPSS
6.1%
CVE-2024-54505 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-12040 HIGH This Week

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress RCE LFI Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10590 HIGH This Week

The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Nginx File Upload
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-11689 HIGH This Week

The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress CSRF
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-11443 HIGH This Week

The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-55587 HIGH This Week

python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Python
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-49125 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-49117 HIGH This Week

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +3
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-49104 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-49102 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-49093 HIGH This Week

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 24h2 Windows Server 2025
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-49086 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-49085 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-49080 HIGH This Week

Windows IP Routing Management Snapin Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-12382 HIGH This Week

Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2024-12381 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-11950 HIGH This Week

XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Xnview
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-11949 HIGH This Week

GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Archiver
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-11947 HIGH This Week

GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Archiver
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-55659 HIGH PATCH This Week

SiYuan is a personal knowledge management system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal XSS Siyuan
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-55658 HIGH PATCH This Week

SiYuan is a personal knowledge management system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Siyuan
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-55657 HIGH PATCH This Week

SiYuan is a personal knowledge management system. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Siyuan
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-54514 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2024-55663 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Xwiki
NVD GitHub
CVSS 4.0
8.6
EPSS
0.7%
CVE-2024-42407 HIGH This Week

Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-28146 HIGH This Week

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-28143 HIGH This Week

The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-49105 HIGH This Week

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Remote Desktop Client Windows App Windows 10 1507 +14
NVD
CVSS 3.1
8.4
EPSS
1.5%
CVE-2024-49063 HIGH This Week

Microsoft/Muzic Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft Muzic
NVD
CVSS 3.1
8.4
EPSS
1.7%
CVE-2024-49068 HIGH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Sharepoint Server
NVD
CVSS 3.1
8.2
EPSS
1.7%
CVE-2024-10111 HIGH This Week

The OAuth Single Sign On - SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-12312 HIGH This Week

The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-49132 HIGH This Week

Windows Remote Desktop Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows 10 1809 +9
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-49128 HIGH This Week

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Information Disclosure Microsoft Memory Corruption Windows Server 2012 +5
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-49127 HIGH This Week

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +14
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-49126 HIGH This Week

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +14
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-49124 HIGH This Week

Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Race Condition Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2024-49123 HIGH This Week

Windows Remote Desktop Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-49122 HIGH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +14
NVD
CVSS 3.1
8.1
EPSS
20.4%
CVE-2024-49120 HIGH This Week

Windows Remote Desktop Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
8.1
EPSS
1.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy