Skip to main content
CVE-2024-13170 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13169 HIGH This Month

An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13168 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13167 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13166 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-13165 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13164 HIGH This Month

An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13163 HIGH This Month

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 26.5% and no vendor patch available.

RCE Deserialization Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
26.5%
CVE-2024-13162 HIGH This Month

SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 43.8% and no vendor patch available.

RCE Ivanti SQLi Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
43.8%
CVE-2024-13158 HIGH PATCH This Month

An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.5%.

RCE Ivanti Path Traversal Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
21.5%
CVE-2025-23081 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-23080 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - OpenBadges Extension allows Cross-Site Scripting. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-0464 MEDIUM POC This Month

A vulnerability was found in SourceCodester Task Reminder System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Task Reminder System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-0463 MEDIUM This Month

A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass PHP Lingdang Crm
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0462 MEDIUM This Month

A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Lingdang Crm
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-53563 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-53561 HIGH This Month

A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
8.7
EPSS
1.3%
CVE-2024-52898 MEDIUM This Month

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-45627 MEDIUM PATCH This Month

In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Path Traversal Linkis
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-13181 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-13180 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2024-13179 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2024-10811 CRITICAL POC Act Now

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Path Traversal Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-10630 HIGH This Month

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Application Control Security Controls
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22984 HIGH POC This Month

An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-22983 HIGH POC This Month

An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-0461 MEDIUM This Month

A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Lingdang Crm
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2025-0460 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Authentication Bypass PHP
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-0459 MEDIUM Monitor

A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Suse
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-0458 MEDIUM This Month

A vulnerability classified as problematic was found in Virtual Computer Vysual RH Solution 2024.12.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-29980 MEDIUM Monitor

Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Securecore Technology
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-29979 MEDIUM Monitor

Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Securecore Technology
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2024-55000 MEDIUM POC This Month

Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS House Rental Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-42444 HIGH This Month

APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Rated high severity (CVSS 7.5). No vendor patch available.

RCE Aptio V
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-39803 CRITICAL POC Act Now

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-39802 CRITICAL POC Act Now

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39801 CRITICAL POC Act Now

Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-39800 CRITICAL POC Act Now

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-39799 CRITICAL POC Act Now

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-39798 CRITICAL POC Act Now

Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-39795 CRITICAL POC Act Now

Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-39794 CRITICAL POC Act Now

Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-39793 CRITICAL POC Act Now

Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-39790 CRITICAL POC Act Now

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-39789 CRITICAL POC Act Now

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-39788 CRITICAL POC Act Now

Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-39787 CRITICAL POC Act Now

Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-39786 CRITICAL POC Act Now

Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-39785 CRITICAL POC Act Now

Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-39784 CRITICAL POC Act Now

Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wl Wn533A8 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
Prev Page 6 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy