Skip to main content
CVE-2024-55947 HIGH POC PATCH THREAT This Week

Gogs is an open source self-hosted Git service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Gogs
NVD GitHub
CVSS 4.0
8.7
EPSS
75.2%
CVE-2024-54148 HIGH POC PATCH This Week

Gogs is an open source self-hosted Git service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Gogs
NVD GitHub
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-12899 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Attendance Tracking Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-23945 MEDIUM POC PATCH This Month

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Information Disclosure Hive Spark
NVD GitHub
CVSS 3.1
5.9
EPSS
1.5%
CVE-2024-46873 CRITICAL Act Now

Multiple SHARP routers leave the hidden debug function enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2024-12898 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Attendance Tracking Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-40896 CRITICAL Act Now

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Libxml2 Hci Compute Node Solidfire Hci Management Node Solidfire Hci Storage Node +5
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-45387 HIGH PATCH This Week

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Traffic Control
NVD
CVSS 3.1
8.8
EPSS
41.8%
CVE-2024-12902 HIGH This Week

ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-56378 MEDIUM POC PATCH This Month

libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Poppler
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-53961 HIGH This Week

ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Coldfusion
NVD
CVSS 3.1
8.1
EPSS
13.4%
CVE-2024-56363 HIGH This Week

APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-53256 HIGH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2024-12903 HIGH This Week

Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-54082 HIGH This Week

home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2024-45721 HIGH This Week

home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2024-12901 MEDIUM This Month

A vulnerability classified as critical was found in FoxCMS up to 1.2. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Foxcms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-53276 MEDIUM This Month

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Cors Misconfiguration
NVD GitHub
CVSS 4.0
6.3
EPSS
0.5%
CVE-2024-52321 MEDIUM This Month

Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2024-56362 MEDIUM PATCH This Month

Navidrome is an open source web-based music collection server and streamer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Navidrome
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-56364 MEDIUM PATCH This Month

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-56326 MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity.

RCE Python Jinja
NVD GitHub
CVSS 4.0
5.4
EPSS
0.5%
CVE-2024-56201 MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity.

RCE Python Jinja
NVD GitHub
CVSS 4.0
5.4
EPSS
0.3%
CVE-2024-11230 MEDIUM PATCH This Month

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.6.46 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elementor Header Footer Builder
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-53275 MEDIUM This Month

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-12900 MEDIUM This Month

A vulnerability classified as critical has been found in FoxCMS up to 1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Foxcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-47864 MEDIUM This Month

home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2024-12897 MEDIUM This Month

A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-55539 LOW Monitor

Weak algorithm used to sign RPM package. Rated low severity (CVSS 2.5). No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
2.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy