Skip to main content
CVE-2024-57543 MEDIUM POC This Month

Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Buffer Overflow E8450 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-57542 HIGH POC This Week

Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E8450 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-57541 MEDIUM POC This Month

Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Buffer Overflow E8450 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-57540 MEDIUM POC This Week

Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Buffer Overflow E8450 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-57539 HIGH POC This Week

Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E8450 Firmware
NVD GitHub
CVSS 3.1
8.2
EPSS
5.5%
CVE-2024-57538 MEDIUM POC This Week

Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Buffer Overflow E8450 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-57537 MEDIUM POC This Month

Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Buffer Overflow E8450 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-57536 HIGH POC This Week

Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E8450 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-57360 MEDIUM PATCH This Month

https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-55959 CRITICAL This Week

Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-55958 MEDIUM Monitor

Northern.tech CFEngine Enterprise Mission Portal 3.24.0, 3.21.5, and below allows XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-48392 MEDIUM POC This Month

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Orangescrum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21245 MEDIUM This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24024 CRITICAL This Week

Mjolnir is a moderation tool for Matrix. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-42936 CRITICAL POC Act Now

The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Reyee Os
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2025-23369 HIGH This Month

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 11.8% and no vendor patch available.

Authentication Bypass Jwt Attack Enterprise Server
NVD GitHub
CVSS 4.0
7.6
EPSS
11.8%
CVE-2024-55504 MEDIUM This Month

An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Apple Authentication Bypass macOS
NVD GitHub
CVSS 3.1
5.5
EPSS
2.4%
CVE-2024-51417 MEDIUM PATCH This Month

An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-24461 MEDIUM This Month

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-24460 MEDIUM Monitor

In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-24459 MEDIUM Monitor

In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.9% and no vendor patch available.

Hashicorp XSS Teamcity
NVD
CVSS 3.1
4.6
EPSS
19.9%
CVE-2025-24458 HIGH This Month

In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-24457 MEDIUM This Month

In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-24456 MEDIUM This Month

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Hub
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-24020 MEDIUM POC PATCH Monitor

WeGIA is a Web manager for charitable institutions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Open Redirect PHP Wegia
NVD GitHub
CVSS 4.0
4.8
EPSS
0.2%
CVE-2025-24019 HIGH POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Yeswiki
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2025-22150 MEDIUM PATCH This Month

Undici is an HTTP/1.1 client. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-54795 MEDIUM POC This Month

SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Spagobi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-54794 CRITICAL POC Act Now

The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Spagobi
NVD GitHub
CVSS 3.1
9.1
EPSS
2.2%
CVE-2024-54792 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spagobi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-24018 HIGH POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload XSS Yeswiki
NVD GitHub
CVSS 3.1
7.6
EPSS
0.2%

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-45687 LOW Monitor

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
2.4
EPSS
0.2%
CVE-2025-24017 HIGH POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yeswiki
NVD GitHub
CVSS 3.1
7.6
EPSS
0.3%
CVE-2025-24012 MEDIUM PATCH Monitor

Umbraco is a free and open source .NET content management system. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Umbraco Cms
NVD GitHub
CVSS 3.1
4.6
EPSS
0.9%
CVE-2025-24011 MEDIUM PATCH This Month

Umbraco is a free and open source .NET content management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.2%.

Information Disclosure Umbraco Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
31.2%
CVE-2025-0377 HIGH PATCH This Month

HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Go Slug Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-57036 HIGH POC This Week

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A810R Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-56990 MEDIUM POC Monitor

PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
4.5
EPSS
0.2%
CVE-2024-56998 MEDIUM POC Monitor

PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
4.2
EPSS
0.1%
CVE-2024-56997 MEDIUM POC Monitor

PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub
CVSS 3.1
4.2
EPSS
0.1%
CVE-2024-53829 HIGH POC PATCH This Week

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Codechecker
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-21663 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-tegra: Read iommu stream id from device tree Nvidia's Tegra MGBE controllers require the IOMMU "Stream ID" (SID). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Nvidia Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21662 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix variable not being completed when function returns When cmd_alloc_index(), fails cmd_work_handler() needs to complete. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21661 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix missing lookup table cleanups When a virtuser device is created via configfs and the probe fails due to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21660 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error and it is not the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21659 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21658 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG] Syzbot reported a crash with the following call trace: BTRFS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21657 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass() scx_ops_bypass() iterates all CPUs to re-enqueue all the scx. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21656 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy