Skip to main content
CVE-2023-46359 CRITICAL POC THREAT Emergency

An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.9%.

Command Injection Cph2 Echarge Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
80.9%
Threat
5.9
CVE-2024-24398 CRITICAL POC PATCH Act Now

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Dashboards Php
NVD VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-1252 CRITICAL POC Act Now

A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1251 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24592 CRITICAL POC Act Now

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Clearml
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-23917 CRITICAL POC THREAT Act Now

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
9.8
EPSS
53.7%
CVE-2024-25140 CRITICAL POC Act Now

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Rustdesk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-22853 CRITICAL POC Act Now

D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Go Rt Ac750 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2024-22852 CRITICAL POC Act Now

D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Go Rt Ac750 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-24112 CRITICAL POC Act Now

xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xmall
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-46360 HIGH POC This Week

Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cph2 Echarge Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
2.8%
CVE-2024-24593 HIGH POC This Week

A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Clearml
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-24591 HIGH POC PATCH This Week

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Clearml
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-24590 HIGH POC PATCH This Week

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Clearml
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2024-22520 HIGH POC This Week

An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Drone Scanner
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-22519 HIGH POC This Week

An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Opendroneid Osm
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-22773 HIGH POC This Week

Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Action Rf 1200 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-22365 MEDIUM POC PATCH CISA This Month

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Pam
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
Threat
4.6
CVE-2024-1254 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Byzoro Smart S20 Management Platform up to 20231120. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Smart S20 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
4.6%
CVE-2024-1253 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Smart S40 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-1257 MEDIUM POC This Month

A vulnerability was found in Jspxcms 10.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jspxcms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24291 MEDIUM POC This Month

An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Yzmcms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24808 MEDIUM POC PATCH This Month

pyLoad is an open-source Download Manager written in pure Python. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Open Redirect Pyload
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1263 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1262 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02.php of the component API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1261 CRITICAL Act Now

A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1260 CRITICAL Act Now

A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1259 CRITICAL Act Now

A vulnerability was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24015 CRITICAL Act Now

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24013 CRITICAL Act Now

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24000 CRITICAL Act Now

jshERP v3.3 is vulnerable to Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22433 CRITICAL PATCH Act Now

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dell Data Protection Search
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-0244 CRITICAL Act Now

Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Memory Corruption I Sensys Mf754Cdw Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-24594 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clearml
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-22515 HIGH This Week

Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Agent Dvr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-22514 HIGH This Week

An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Agent Dvr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-1256 MEDIUM POC This Month

A vulnerability was found in Jspxcms 10.2.0 and classified as problematic.do. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jspxcms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-24255 MEDIUM POC This Month

A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
4.2
EPSS
0.3%
CVE-2024-24254 MEDIUM POC This Month

PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
4.2
EPSS
0.4%
CVE-2024-22388 HIGH This Week

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Iclass Se Cp1000 Encoder Firmware Iclass Se Readers Firmware Iclass Se Reader Modules Firmware Iclass Se Processors Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22239 HIGH This Week

Aria Operations for Networks contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aria Operations For Networks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22237 HIGH This Week

Aria Operations for Networks contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Aria Operations For Networks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20819 HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20818 HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20817 HIGH This Week

Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20813 HIGH This Week

Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20812 HIGH This Week

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-24680 HIGH PATCH This Week

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2024-1255 HIGH This Week

A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sepidzdigitalmenu
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-23673 HIGH PATCH This Week

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.11.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Path Traversal Apache Sling Servlets Resolver
NVD
CVSS 3.1
7.5
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy