Skip to main content
CVE-2024-1698 CRITICAL POC PATCH THREAT Act Now

SQL injection in the NotificationX WordPress plugin (versions up to and including 2.8.2) allows unauthenticated remote attackers to append arbitrary SQL queries via the 'type' parameter and exfiltrate sensitive database contents. Publicly available exploit code exists and the EPSS score of 93.74% (100th percentile) indicates very high probability of exploitation attempts in the wild, though the CVE is not currently listed in CISA KEV.

SQLi WordPress Notificationx
NVD VulDB
CVSS 3.1
9.8
EPSS
93.7%
Threat
6.3
CVE-2024-1926 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Free And Open Source Inventory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25400 CRITICAL POC Act Now

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Subrion
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1923 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Student Attendance System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25846 CRITICAL POC Act Now

In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Product Catalog Csv Excel Import
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-27099 CRITICAL PATCH Act Now

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Azure Uamqp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-25843 CRITICAL PATCH Act Now

In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Import Update Bulk Product
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1403 CRITICAL Act Now

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openedge
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-1921 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Lightpicture
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1918 CRITICAL Act Now

A vulnerability has been found in Byzoro Smart S42 Management Platform up to 20240219 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Smart S42 Management Platform
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-24095 CRITICAL Act Now

Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Simple Stock System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-27905 CRITICAL Act Now

** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Information Disclosure Oracle Aurora
NVD
CVSS 3.1
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy