Skip to main content
CVE-2024-1709 CRITICAL POC KEV PATCH THREAT Act Now

ConnectWise ScreenConnect contains a critical authentication bypass (CVSS 10.0) that allows direct access to the administrative interface, mass-exploited within hours of disclosure for ransomware deployment.

NVD GitHub
CVSS 3.1
10.0
EPSS
94.3%
Threat
9.8
CVE-2024-1212 CRITICAL POC KEV THREAT Emergency

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Loadmaster
NVD GitHub
CVSS 3.1
9.8
EPSS
95.4%
CVE-2024-25124 CRITICAL POC PATCH Act Now

Fiber is a web framework written in go. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fiber
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25897 CRITICAL POC Act Now

ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-25894 CRITICAL POC Act Now

ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1702 CRITICAL POC Act Now

A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Mysql User Signup Login System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1701 CRITICAL POC Act Now

A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Php Mysql User Signup Login System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25893 CRITICAL POC Act Now

ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-1631 CRITICAL POC PATCH Act Now

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Icp Js Core
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-25249 CRITICAL Act Now

An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Apple He3 App
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-25117 CRITICAL PATCH Act Now

php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Php Svg Lib
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy