Skip to main content
CVE-2024-22902 CRITICAL POC Act Now

Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vinchin Backup And Recovery
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-22901 CRITICAL POC Act Now

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vinchin Backup And Recovery
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-24029 CRITICAL POC Act Now

JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinalcms
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-22108 CRITICAL POC Act Now

An issue was discovered in GTB Central Console 15.17.1-30814.NG. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gtb Central Console
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-24482 CRITICAL POC Act Now

Aprktool before 2.9.3 on Windows allows ../ and /.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Apktool
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-22533 CRITICAL POC PATCH Act Now

Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Beetl
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-22319 CRITICAL POC PATCH THREAT Act Now

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM RCE Operational Decision Manager
NVD
CVSS 3.1
9.8
EPSS
76.4%
CVE-2024-23746 CRITICAL POC Act Now

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Apple Miro
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-22779 CRITICAL POC PATCH Act Now

Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Serverrpexposer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-6675 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server.1.4 before v.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cybermath
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-1197 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0.php of the component HTTP GET Request Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Testimonial Page Manager
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24757 CRITICAL Act Now

open-irs is an issue response robot that reponds to issues in the installed repository. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Irs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0338 CRITICAL Act Now

A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Xampp
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-23978 CRITICAL Act Now

Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Home Spot Cube 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-21764 CRITICAL Act Now

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rapid Scada
NVD
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy