Skip to main content
CVE-2024-25502 CRITICAL POC Act Now

Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Path Traversal Flusity
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-7081 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection.02.2024. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Payment System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-5155 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Solipay Mobile
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-23113 CRITICAL KEV THREAT Act Now

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiproxy Fortiswitchmanager Fortios +1
NVD
CVSS 3.1
9.8
EPSS
61.7%
CVE-2024-20738 CRITICAL PATCH Act Now

Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adobe Framemaker Publishing Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-0390 CRITICAL Act Now

INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Izzi Connect
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-26264 CRITICAL Act Now

EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Risweb
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-26261 CRITICAL Act Now

The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Oaklouds Organization 2 0 Oaklouds Organization 3 0 Oaklouds Webbase 2 0 Oaklouds Webbase 3 0
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-26260 CRITICAL Act Now

The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Oaklouds Organization 2 0 Oaklouds Organization 3 0 Oaklouds Webbase 2 0 +1
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-23674 CRITICAL Act Now

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-23479 CRITICAL Act Now

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Access Rights Manager
NVD
CVSS 3.1
9.6
EPSS
5.8%
CVE-2024-23477 CRITICAL PATCH Act Now

The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Access Rights Manager
NVD
CVSS 3.1
9.6
EPSS
7.8%
CVE-2024-23476 CRITICAL PATCH Act Now

The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Access Rights Manager
NVD
CVSS 3.1
9.6
EPSS
7.1%
CVE-2024-20720 CRITICAL PATCH Act Now

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Command Injection Commerce
NVD
CVSS 3.1
9.1
EPSS
3.7%
CVE-2024-20719 CRITICAL PATCH Act Now

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce
NVD
CVSS 3.1
9.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy