Skip to main content
CVE-2024-46435 HIGH POC This Week

A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Stack Overflow Buffer Overflow RCE Denial Of Service +1
NVD
CVSS 3.1
8.0
EPSS
1.7%
CVE-2024-54954 HIGH POC This Week

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ssti Oneblog
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2025-24970 HIGH POC PATCH This Week

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Netty Active Iq Unified Manager Oncommand Insight Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-27859 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-11621 HIGH This Week

Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Information Disclosure Remote Desktop Manager Remote Desktop Manager Powershell +3
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42512 HIGH PATCH This Week

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ua Net Standard Stack
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-1193 HIGH This Week

Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Remote Desktop Manager Windows
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-21693 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Linux Information Disclosure Google +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21692 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can index an Out-Of-Bound. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21687 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-57407 HIGH This Week

An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-1099 HIGH This Week

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2024-57177 HIGH This Month

A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Ssti
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-8550 HIGH POC This Month

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Agentscope
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2024-46436 HIGH POC This Week

Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2024-46434 HIGH POC This Week

Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-46433 HIGH POC This Week

A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-46432 HIGH POC This Week

Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-46431 HIGH POC This Week

Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow W18E Firmware
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2024-46429 HIGH POC This Week

A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass W18E Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-13059 HIGH POC PATCH THREAT This Month

AnythingLLM prior to version 1.3.1 contains a path traversal vulnerability through non-ASCII filename handling in the multer library. The filename transformation introduces ../ sequences that enable arbitrary file write, leading to remote code execution on the LLM application server.

RCE Path Traversal Anythingllm
NVD GitHub
CVSS 3.0
7.2
EPSS
55.4%
CVE-2024-57408 HIGH POC This Month

An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java File Upload Cool Admin Java
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-10334 HIGH This Month

A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2024-8684 HIGH This Month

OS Command Injection vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD
CVSS 3.1
8.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy