Skip to main content
CVE-2024-23052 CRITICAL POC Act Now

An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Wukongcrm
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.9%
CVE-2024-25180 CRITICAL POC Act Now

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Pdfmake
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-25291 CRITICAL POC Act Now

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Deskfiler
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-25833 CRITICAL POC Act Now

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Datacube3
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-25830 CRITICAL POC THREAT Act Now

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Datacube3 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
24.0%
CVE-2024-23807 CRITICAL POC PATCH Act Now

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Apache Information Disclosure Memory Corruption Xerces C
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-1927 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Web Based Student Clearance System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25292 CRITICAL POC Act Now

Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rendertune
NVD GitHub
CVSS 3.1
9.6
EPSS
1.5%
CVE-2024-1981 CRITICAL POC PATCH Act Now

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Migration Backup Staging
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2024-23328 CRITICAL POC PATCH Act Now

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Java Dataease
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-26548 CRITICAL Act Now

An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Camera Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-0864 CRITICAL Act Now

Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Laragon
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-24525 CRITICAL Act Now

An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Epointwebbuilder
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-27516 CRITICAL PATCH Act Now

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE PHP Command Injection Live Helper Chat
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-1971 CRITICAL Act Now

A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online Shopping System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6090 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.3.11. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Mollie Payments For Woocommerce
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-25128 CRITICAL PATCH Act Now

Flask-AppBuilder is an application development framework, built on top of Flask. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Python Flask Appbuilder
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-25065 CRITICAL Act Now

Possible path traversal in Apache OFBiz allowing authentication bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Apache Ofbiz
NVD
CVSS 3.1
9.1
EPSS
47.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy