Skip to main content
CVE-2024-0204 CRITICAL POC THREAT Emergency

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Goanywhere Managed File Transfer
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
95.1%
CVE-2024-0784 CRITICAL POC Act Now

A vulnerability was found in hongmaple octopus 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Octopus
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0783 CRITICAL POC Act Now

A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Admission System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-0778 CRITICAL POC THREAT Act Now

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Isc 2500 S Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
32.1%
CVE-2024-23752 CRITICAL POC Act Now

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Python Pandasai
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-23751 CRITICAL POC PATCH Act Now

LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Llamaindex
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy