Skip to main content
CVE-2024-48456 HIGH POC THREAT Act Now

Multiple Netis WiFi router models contain an out-of-bounds read vulnerability that allows remote unauthenticated attackers to extract sensitive information from device memory. The affected models span the WiFi 6 NX10, WiFi 11AC NC65/NC63/NC21, and WiFi MW5360 product lines across multiple firmware versions.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
81.3%
Threat
5.4
CVE-2024-48457 HIGH POC THREAT Act Now

Multiple Netis WiFi router models contain an additional out-of-bounds read vulnerability similar to CVE-2024-48456, affecting the same broad range of models and firmware versions. Remote unauthenticated attackers can extract sensitive data from device memory including WiFi credentials and configuration secrets.

Buffer Overflow Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
61.6%
Threat
4.8
CVE-2021-27285 HIGH POC This Week

An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Clusterengine
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-54767 HIGH POC This Week

An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
4.5%
CVE-2024-55407 HIGH This Week

An issue in the DeviceloControl function of ITE Tech. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-6605 HIGH PATCH This Week

A flaw was found in FFmpeg's DASH playlist support. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg Suse
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-21620 HIGH PATCH This Month

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-55553 HIGH PATCH This Month

In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-53934 HIGH This Month

The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2024-46981 HIGH POC PATCH THREAT This Month

Redis versions prior to 7.4.2, 7.2.7, and 6.2.17 contain a use-after-free vulnerability in the Lua scripting engine that allows authenticated users to achieve remote code execution. By manipulating the garbage collector through crafted Lua scripts, attackers can corrupt memory and execute arbitrary code on the Redis server.

RCE Memory Corruption Use After Free Redis Debian Linux +2
NVD GitHub
CVSS 3.1
7.0
EPSS
75.7%
CVE-2024-55076 HIGH POC This Week

Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF Grocy
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-55074 HIGH POC This Week

The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Grocy
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-55629 HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-55628 HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-21618 HIGH PATCH This Month

NiceGUI is an easy-to-use, Python-based UI framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-21614 HIGH PATCH This Month

go-git is a highly extensible git implementation library written in pure Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Git Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-56766 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-56765 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the paste. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free IBM Information Disclosure Memory Corruption Linux +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-56764 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ublk: detach gendisk from ublk device if add_disk() fails Inside ublk_abort_requests(), gendisk is grabbed for aborting all. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Use After Free Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-56759 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Use After Free Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-55605 HIGH PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suricata Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-21612 HIGH PATCH This Month

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-21611 HIGH PATCH This Month

tgstation-server is a production scale tool for BYOND server management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Tgstation Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8474 HIGH This Month

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Connect
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-45558 HIGH PATCH This Month

Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +178
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45555 HIGH This Month

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Msm8996au Firmware Qam8255p Firmware Qam8295p Firmware +38
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-45553 HIGH PATCH This Month

Memory corruption can occur when process-specific maps are added to the global list. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Memory Corruption Use After Free Ar8035 Firmware Fastconnect 6200 Firmware +123
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45550 HIGH This Month

Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sc8380xp Firmware Wcd9380 Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45548 HIGH This Month

Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcc2073 Firmware Qcc2076 Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45547 HIGH This Month

Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcc2073 Firmware Qcc2076 Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45546 HIGH This Month

Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcc2073 Firmware Qcc2076 Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45542 HIGH This Month

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +48
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-45541 HIGH This Month

Memory corruption when IOCTL call is invoked from user-space to read board data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +47
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43064 HIGH This Month

Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Qam8255p Firmware Qam8295p Firmware Qam8620p Firmware Qam8650p Firmware +26
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-21464 HIGH PATCH This Month

Memory corruption while processing IPA statistics, when there are no active clients registered. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm4490 Firmware +17
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-20154 HIGH This Week

In Modem, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 39.2% and no vendor patch available.

RCE Stack Overflow Buffer Overflow Lr12a Lr13 +3
NVD
CVSS 3.1
8.8
EPSS
39.2%
CVE-2024-20153 HIGH This Month

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yocto Software Development Kit Android Google
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20150 HIGH This Month

In Modem, there is a possible system crash due to a logic error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service Lr12a Lr13 Nr15 +2
NVD
CVSS 3.1
7.5
EPSS
7.4%
CVE-2024-20149 HIGH This Month

In Modem, there is a possible system crash due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lr12 Lr13 Nr15 Nr16 +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-20146 HIGH This Month

In wlan STA driver, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Yocto Software Development Kit +3
NVD
CVSS 3.1
8.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy