Skip to main content
CVE-2023-46359 CRITICAL POC THREAT Emergency

An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.9%.

Command Injection Cph2 Echarge Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
80.9%
Threat
5.9
CVE-2024-24398 CRITICAL POC PATCH Act Now

Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Dashboards Php
NVD VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-1252 CRITICAL POC Act Now

A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1251 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24592 CRITICAL POC Act Now

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Clearml
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-23917 CRITICAL POC THREAT Act Now

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
9.8
EPSS
53.7%
CVE-2024-25140 CRITICAL POC Act Now

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Rustdesk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-22853 CRITICAL POC Act Now

D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Go Rt Ac750 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2024-22852 CRITICAL POC Act Now

D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Go Rt Ac750 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-24112 CRITICAL POC Act Now

xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xmall
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-1263 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1262 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02.php of the component API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1261 CRITICAL Act Now

A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1260 CRITICAL Act Now

A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1259 CRITICAL Act Now

A vulnerability was found in Juanpao JPShop up to 1.5.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24015 CRITICAL Act Now

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24013 CRITICAL Act Now

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24000 CRITICAL Act Now

jshERP v3.3 is vulnerable to Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22433 CRITICAL PATCH Act Now

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dell Data Protection Search
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-0244 CRITICAL Act Now

Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Memory Corruption I Sensys Mf754Cdw Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy