Lucene search

11230 matches found

Kaspersky
added 2024/09/19 12:00 a.m. | 21 views

KLA73472 RCE vulnerability in Microsoft Office

A remote code execution vulnerability was found in Microsoft Office. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2024-38016 Related products Microsoft-Office-Visio Microsoft-Office CVE list CVE-2024-38016 critical KB list 5002634 Solution...

7.8 CVSS | 8.2 AI score | 0.01506 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2024/09/19 12:00 a.m. | 20 views

Docker Desktop < 4.34.2 Multiple Vulnerabilities

The version of Docker Desktop for Linux is prior to 4.34.2. It is therefore affected by multiple vulnerabilities. - A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. - A remote code...

9.8 CVSS | 6.5 AI score | 0.03113 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/19 12:00 a.m. | 16 views

Oracle Linux 9 : ruby:3.3 (ELSA-2024-6785)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6785 advisory. - Fix DoS vulnerability in rexml. CVE-2024-39908 CVE-2024-41946 CVE-2024-43398 Resolves: RHEL-57573 Resolves: RHEL-57570 Resolves: RHEL-57578 - Fix REX...

9.8 CVSS | 7.4 AI score | 0.08616 EPSS
Exploits: 0 | References: 5

Cvelist
added 2024/09/18 5:14 p.m. | 30 views

CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...

9.9 CVSS | 0.92294 EPSS
Exploits: 2 | References: 5

Vulnrichment
added 2024/09/18 5:14 p.m. | 17 views

CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...

9.9 CVSS | 7.8 AI score | 0.92294 EPSS
Exploits: 2 | References: 4

RubySec
added 2024/09/18 12:00 a.m. | 25 views

Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...

9.9 CVSS | 8.6 AI score | 0.92294 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

Amazon
added 2024/09/18 12:00 a.m. | 19 views

Medium: ruby

Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 Affected Packages: ruby Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...

4.5 CVSS | 7.8 AI score | 0.02532 EPSS
Exploits: 0

Github Security Blog
added 2024/09/17 7:29 p.m. | 24 views

hermes-management is vulnerable to RCE due to Apache commons-jxpath

Impact hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath. Patches Upgrade Hermes to at least hermes-2.2.9 References https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/...

6.6 AI score
Exploits: 1 | References: 4 | Affected Software: 1

Github Security Blog
added 2024/09/17 6:36 p.m. | 14 views

Kimai has an XXE Leading to Local File Read

Summary Kimai uses PHPSpreadsheet for importing and exporting invoices. Recently, a CVE was identified in PHPSpreadsheet, which could lead to an XXE vulnerability. Details Exploitation requires an Administrator account, allowing the upload of an XLSX template containing the payload. The...

7.2 AI score
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/09/17 6:36 p.m. | 35 views

GHSA-534C-HCR7-67JG Kimai has an XXE Leading to Local File Read

Summary Kimai uses PHPSpreadsheet for importing and exporting invoices. Recently, a CVE was identified in PHPSpreadsheet, which could lead to an XXE vulnerability. Details Exploitation requires an Administrator account, allowing the upload of an XLSX template containing the payload. The...

8.5 CVSS | 7.2 AI score
Exploits: 0 | References: 4

The Hacker News
added 2024/09/17 4:34 a.m. | 23 views

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It...

9.8 CVSS | 8.6 AI score | 0.33758 EPSS
Exploits: 0

Tenable Nessus
added 2024/09/17 12:00 a.m. | 18 views

LLama cpp python binding < 0.2.88 Arbitrary Write Vulnerability

The version of llama.cpp installed on the remote host is prior to 0.2.88. It is, therefore, affected by an arbitrary write vulnerability. This vulnerability was combined with another arbitrary address read vulnerability to achieve RCE, demonstrating the significant impact of the vulnerability. No...

10 CVSS | 5.8 AI score | 0.05678 EPSS
Exploits: 1 | References: 2

NVD
added 2024/09/16 9:15 p.m. | 8 views

CVE-2024-45416

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...

8.1 CVSS | 0.00153 EPSS
Exploits: 0 | References: 1

NVD
added 2024/09/16 9:15 p.m. | 8 views

CVE-2024-45415

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in checkdataintegrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksu...

9.8 CVSS | 0.00279 EPSS
Exploits: 0 | References: 1

NVD
added 2024/09/16 9:15 p.m. | 14 views

CVE-2024-45413

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsadecrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...

8.1 CVSS | 0.00173 EPSS
Exploits: 0 | References: 1

NVD
added 2024/09/16 9:15 p.m. | 7 views

CVE-2024-45414

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...

9.8 CVSS | 0.00341 EPSS
Exploits: 0 | References: 1

GithubExploit
added 2024/09/16 1:11 p.m. | 753 views

Exploit for CVE-2024-32651

CVE-2024-32651 changedetection --port --ip --notification...

10 CVSS | 9.6 AI score | 0.92087 EPSS
Exploits: 5

Vulnrichment
added 2024/09/16 12:00 a.m. | 11 views

CVE-2024-45413

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsadecrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...

7 AI score | 0.00173 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/09/16 12:00 a.m. | 13 views

CVE-2024-45416

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...

0.00153 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/16 12:00 a.m. | 16 views

CVE-2024-45416

The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in sessioninit function. The session -LUA- files are stored in the directory /var/luasession, the function iterates on all files in this directory and executes them using the function dofile without any validation i...

6.6 AI score | 0.00153 EPSS
Exploits: 0 | References: 1