Skip to main content
CVE-2024-27764 CRITICAL POC Act Now

An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jeewms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2056 CRITICAL POC THREAT Act Now

Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Artica Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
16.7%
CVE-2024-2055 CRITICAL POC Act Now

The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Artica Proxy
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-27565 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Chatgpt Wechat Personal
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24276 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name,. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Teamwire
NVD
CVSS 3.1
9.6
EPSS
0.9%
CVE-2024-24275 CRITICAL POC Act Now

Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Teamwire
NVD
CVSS 3.1
9.6
EPSS
0.9%
CVE-2024-26339 CRITICAL POC Act Now

swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Swftools
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-7103 CRITICAL Act Now

Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Uface 5
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-25614 CRITICAL Act Now

There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Arubaos
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy