Skip to main content
CVE-2023-6989 CRITICAL POC PATCH THREAT Act Now

The Shield Security - Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

LFI WordPress Information Disclosure PHP Shield Security
NVD VulDB
CVSS 3.1
9.8
EPSS
61.9%
Threat
5.3
CVE-2024-23054 CRITICAL POC Act Now

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js RCE Docker Plone Docker Official Image
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-23049 CRITICAL POC Act Now

An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Symphony
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-24543 CRITICAL POC Act Now

Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption RCE Tenda Denial Of Service +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-23108 CRITICAL POC THREAT Act Now

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortisiem
NVD GitHub
CVSS 3.1
9.8
EPSS
78.4%
CVE-2024-0964 CRITICAL POC PATCH Act Now

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Gradio
NVD GitHub
CVSS 3.1
9.4
EPSS
1.0%
CVE-2024-0323 CRITICAL Act Now

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Automation Runtime
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-23109 CRITICAL Act Now

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized code or commands via via crafted API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortisiem
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2024-1225 CRITICAL Act Now

A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Qibocms X1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-20011 CRITICAL Act Now

In alac decoder, there is a possible information disclosure due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0221 CRITICAL PATCH Act Now

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress PHP Path Traversal Photo Gallery
NVD VulDB
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy