Skip to main content
CVE-2024-47571 HIGH This Month

An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortimanager
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2024-46670 HIGH This Month

An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Fortinet Fortios
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-46668 HIGH This Month

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortios
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-46667 HIGH This Month

A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortisiem
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-36512 HIGH This Month

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortianalyzer Fortimanager
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-35277 HIGH This Month

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortimanager Fortimanager Cloud
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2024-35273 HIGH This Month

A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Buffer Overflow Fortinet Fortianalyzer +3
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-27778 HIGH This Month

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortisandbox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-23106 HIGH This Month

An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Forticlientems
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-11864 HIGH This Month

Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Scp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-11497 HIGH This Month

An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-53649 HIGH This Month

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 <. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-47100 HIGH This Month

A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-20620 HIGH This Month

SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-20016 HIGH This Month

OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-0394 HIGH This Month

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner - Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload WordPress PHP
NVD
CVSS 3.1
8.8
EPSS
9.1%
CVE-2024-12365 HIGH PATCH This Month

The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0%.

Authentication Bypass WordPress Information Disclosure W3 Total Cache
NVD
CVSS 3.1
8.5
EPSS
17.0%
CVE-2025-23082 HIGH This Month

Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Backup
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2024-12398 HIGH This Month

An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Nwa50Ax Firmware Nwa50Ax Pro Firmware Nwa55Axe Firmware +20
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-0069 HIGH This Month

Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. Rated high severity (CVSS 7.8). No vendor patch available.

Microsoft Code Injection Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0063 HIGH PATCH This Month

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SAP SQLi Sap Basis
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0061 HIGH PATCH This Month

SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2024-57664 HIGH POC This Month

An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-57663 HIGH POC This Month

An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-57662 HIGH POC This Month

An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-57661 HIGH POC This Month

An issue in the sqlo_df component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-57660 HIGH POC This Month

An issue in the sqlo_expand_jts component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-57659 HIGH POC This Month

An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57658 HIGH POC This Month

An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57657 HIGH POC This Month

An issue in the sqlg_vec_upd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57656 HIGH POC PATCH This Month

An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-57655 HIGH POC This Month

An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57654 HIGH POC This Month

An issue in the qst_vec_get_int64 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57653 HIGH POC This Month

An issue in the qst_vec_set_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57652 HIGH POC This Month

An issue in the numeric_to_dv component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-57651 HIGH POC This Month

An issue in the jp_add component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-57650 HIGH POC This Month

An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57649 HIGH POC This Month

An issue in the qst_vec_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57648 HIGH POC This Month

An issue in the itc_set_param_row component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57647 HIGH POC This Month

An issue in the row_insert_cast component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-57646 HIGH POC This Month

An issue in the psiginfo component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-57645 HIGH POC This Month

An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-57644 HIGH POC This Month

An issue in the itc_hash_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-57643 HIGH POC This Month

An issue in the box_deserialize_string component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57642 HIGH POC This Month

An issue in the dfe_inx_op_col_def_table component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57641 HIGH POC This Month

An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-57640 HIGH POC This Month

An issue in the dc_add_int component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-57639 HIGH POC This Month

An issue in the dc_elt_size component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-57638 HIGH POC This Month

An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57637 HIGH POC This Month

An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy