Skip to main content
CVE-2024-48456 HIGH POC THREAT Act Now

Multiple Netis WiFi router models contain an out-of-bounds read vulnerability that allows remote unauthenticated attackers to extract sensitive information from device memory. The affected models span the WiFi 6 NX10, WiFi 11AC NC65/NC63/NC21, and WiFi MW5360 product lines across multiple firmware versions.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
81.3%
Threat
5.4
CVE-2024-48457 HIGH POC THREAT Act Now

Multiple Netis WiFi router models contain an additional out-of-bounds read vulnerability similar to CVE-2024-48456, affecting the same broad range of models and firmware versions. Remote unauthenticated attackers can extract sensitive data from device memory including WiFi credentials and configuration secrets.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
61.6%
Threat
4.8
CVE-2024-48455 LOW POC THREAT Monitor

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 63.5% and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
2.7
EPSS
63.5%
CVE-2024-54879 CRITICAL POC Act Now

SeaCMS V13.1 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seacms
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2021-27285 HIGH POC This Week

An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Clusterengine
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-54767 HIGH POC This Week

An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
4.5%
CVE-2024-54764 MEDIUM POC This Month

An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
6.0%
CVE-2024-54763 MEDIUM POC This Month

An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
3.6%
CVE-2024-51112 MEDIUM POC This Month

Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect XSS Pnetlab
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6604 MEDIUM POC PATCH This Month

A flaw was found in FFmpeg. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Ffmpeg Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-6601 MEDIUM POC PATCH This Month

A flaw was found in FFmpeg's HLS demuxer. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Ffmpeg Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-51111 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pnetlab
NVD GitHub
CVSS 3.1
4.1
EPSS
0.3%
CVE-2024-55407 HIGH This Week

An issue in the DeviceloControl function of ITE Tech. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-6605 HIGH PATCH This Week

A flaw was found in FFmpeg's DASH playlist support. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg Suse
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-12970 LOW Monitor

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.7.2. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 3.1
3.9
EPSS
2.0%
CVE-2025-21620 HIGH PATCH This Month

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-55553 HIGH PATCH This Month

In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-21616 MEDIUM POC This Month

Plane is an open-source project management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Plane
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-53936 MEDIUM This Month

The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-53935 MEDIUM This Month

The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-53934 HIGH This Month

The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2024-53933 MEDIUM This Month

The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-53932 CRITICAL This Week

The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-53931 CRITICAL This Week

The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-51741 MEDIUM PATCH Monitor

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Redis Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-46981 HIGH POC PATCH THREAT This Month

Redis versions prior to 7.4.2, 7.2.7, and 6.2.17 contain a use-after-free vulnerability in the Lua scripting engine that allows authenticated users to achieve remote code execution. By manipulating the garbage collector through crafted Lua scripts, attackers can corrupt memory and execute arbitrary code on the Redis server.

RCE Memory Corruption Use After Free Redis Debian Linux +2
NVD GitHub
CVSS 3.1
7.0
EPSS
75.7%
CVE-2024-55076 HIGH POC This Week

Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF Grocy
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-55075 MEDIUM POC Monitor

Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Grocy
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-21617 MEDIUM PATCH This Month

Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-55074 HIGH POC This Week

The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Grocy
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-55408 MEDIUM This Month

An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the driver when crafted IOCTL requests are supplied. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-46209 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redaxo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35498 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grav
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-56828 CRITICAL POC Act Now

File Upload vulnerability in ChestnutCMS through 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chestnutcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-55629 HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-55628 HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-55627 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Heap Overflow Buffer Overflow Suricata Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-55626 LOW PATCH Monitor

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Suricata
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-55529 CRITICAL This Week

Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Z Blogphp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-54880 CRITICAL POC Act Now

SeaCMS V13.1 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seacms
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2024-46622 CRITICAL This Week

An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-46073 MEDIUM This Month

A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-21618 HIGH PATCH This Month

NiceGUI is an easy-to-use, Python-based UI framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-21615 MEDIUM This Month

AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21614 HIGH PATCH This Month

go-git is a highly extensible git implementation library written in pure Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Git Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-21613 CRITICAL PATCH This Week

go-git is a highly extensible git implementation library written in pure Go. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Go Git Red Hat Suse
NVD GitHub
CVSS 4.0
9.2
EPSS
2.9%
CVE-2024-56769 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56768 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56767 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56766 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy