Skip to main content
CVE-2024-24767 CRITICAL POC PATCH Act Now

CasaOS-UserService provides user management functionalities to CasaOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Casaos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-24765 CRITICAL POC PATCH Act Now

CasaOS-UserService provides user management functionalities to CasaOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Casaos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-27302 CRITICAL POC PATCH Act Now

go-zero is a web and rpc framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Go Zero
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-27304 CRITICAL PATCH Act Now

pgx is a PostgreSQL driver and toolkit for Go. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Pgproto3 Pgx
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-27307 CRITICAL PATCH Act Now

JSONata is a JSON query and transformation language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution RCE Denial Of Service Jsonata
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-27308 CRITICAL PATCH Act Now

Mio is a Metal I/O library for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft Denial Of Service Memory Corruption Mio +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-26580 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache InLong.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Inlong
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy