Skip to main content
CVE-2024-22729 CRITICAL POC THREAT Emergency

NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mw5360 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
70.8%
CVE-2024-22922 CRITICAL POC Act Now

An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Visitor Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-0890 CRITICAL POC Act Now

A vulnerability was found in hongmaple octopus 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Octopus
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-22638 CRITICAL POC Act Now

liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulenrabiity via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Livesite
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-0884 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-0883 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22529 CRITICAL POC Act Now

TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X2000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy