Skip to main content
CVE-2024-24142 CRITICAL POC Act Now

Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi School Task Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-21413 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft Outlook Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft 365 Apps Office 2016 Office 2019 +1
NVD
CVSS 3.1
9.8
EPSS
94.7%
CVE-2024-21410 CRITICAL KEV PATCH THREAT Act Now

Microsoft Exchange Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Microsoft Exchange Server
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2024-21401 CRITICAL PATCH Act Now

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian Microsoft Entra Jira Sso Plugin
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-22923 CRITICAL Act Now

SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Adv Radius
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-23816 CRITICAL Act Now

A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions <. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Location Intelligence
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-23813 CRITICAL Act Now

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Polarion Alm
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-23810 CRITICAL Act Now

A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sinec Nms
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-21364 CRITICAL PATCH Act Now

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Azure Site Recovery
NVD
CVSS 3.1
9.3
EPSS
0.6%
CVE-2024-1378 CRITICAL Act Now

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2024-1374 CRITICAL Act Now

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2024-1372 CRITICAL Act Now

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2024-1369 CRITICAL Act Now

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2024-1359 CRITICAL Act Now

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2024-1355 CRITICAL Act Now

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Docker Enterprise Server
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2024-21403 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Information Disclosure Kubernetes Microsoft Azure Kubernetes Service
NVD
CVSS 3.1
9.0
EPSS
1.3%
CVE-2024-21376 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass RCE Kubernetes Microsoft Azure Kubernetes Service
NVD
CVSS 3.1
9.0
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy