Skip to main content
CVE-2024-25247 CRITICAL POC Act Now

SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP B2B2C Multi Business
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25248 CRITICAL POC Act Now

SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi B2B2C Multi Business
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-27456 CRITICAL POC PATCH Act Now

rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rack Cors Middleware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-25913 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Moveto
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-25925 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.5.12. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload Easy Checkout Field Editor
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-25909 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.7.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Media Folder
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-25751 CRITICAL Act Now

A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow RCE Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-24402 CRITICAL Act Now

An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2024-24401 CRITICAL Act Now

SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP RCE Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
45.9%
CVE-2024-27447 CRITICAL PATCH Act Now

pretix before 2024.1.1 mishandles file validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pretix
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-27444 CRITICAL PATCH Act Now

langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Langchain Experimental
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1885 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Webos Signage
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-1876 CRITICAL Act Now

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Employee Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-27455 CRITICAL Act Now

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-1735 CRITICAL PATCH Act Now

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Armeria
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy