Skip to main content
CVE-2024-2044 CRITICAL POC PATCH THREAT Act Now

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
9.9
EPSS
79.3%
CVE-2024-0917 CRITICAL POC Act Now

remote code execution in paddlepaddle/paddle 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Paddlepaddle
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-0818 CRITICAL POC Act Now

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Paddlepaddle
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-2269 CRITICAL Act Now

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online Bookstore Website
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2268 CRITICAL Act Now

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Online Bookstore Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2264 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Php Mysql User Signup Login System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1351 CRITICAL PATCH Act Now

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure MongoDB Astra Control Center Ontap Tools
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-28222 CRITICAL Act Now

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Netbackup Netbackup Appliance
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-28213 CRITICAL PATCH Act Now

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Ngrinder
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-28212 CRITICAL Act Now

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ngrinder
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-28211 CRITICAL Act Now

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ngrinder
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-22857 CRITICAL Act Now

Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy