Skip to main content
CVE-2024-56159 HIGH POC PATCH This Week

Astro is a web framework for content-driven websites. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Astro
NVD GitHub
CVSS 4.0
7.8
EPSS
1.5%
CVE-2024-38819 HIGH POC PATCH THREAT This Week

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 3.1
7.5
EPSS
54.9%
CVE-2024-55082 HIGH POC This Week

{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-54790 HIGH POC This Week

A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi PHP RCE Pre School Enrollment System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-11740 HIGH POC This Week

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Download Manager
NVD
CVSS 3.1
7.3
EPSS
1.9%
CVE-2024-12729 HIGH PATCH This Week

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection RCE Sophos Firewall Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-25131 HIGH PATCH This Week

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-12700 HIGH This Week

There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-54150 HIGH This Week

cjwt is a C JSON Web Token (JWT) Implementation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-56200 HIGH This Week

Altair is a fork of Misskey v12. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-9154 HIGH This Week

A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device.8s0 (#2633). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-12672 HIGH This Week

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-12175 HIGH This Week

Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Use After Free Memory Corruption RCE Denial Of Service +1
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-11364 HIGH This Week

Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Arena
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-11157 HIGH This Week

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-12786 HIGH This Week

A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Adobe Information Disclosure
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-12111 HIGH This Week

In a specific scenario a LDAP user can abuse the authentication process using injection attack in OpenText Privileged Access Manager that allows authentication bypass.3(4.4); 24.3(4.5). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Command Injection
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-4230 HIGH This Week

External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4229 HIGH This Week

Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Information Disclosure Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35141 HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM Security Verify Access Docker
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-56327 HIGH PATCH This Week

pyrage is a set of Python bindings for the rage file encryption library (age in Rust). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Python RCE
NVD GitHub
CVSS 4.0
7.7
EPSS
0.5%
CVE-2024-54663 HIGH This Week

An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-55196 HIGH This Week

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-51532 HIGH This Week

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Powerstoreos
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy