Skip to main content
CVE-2023-48788 CRITICAL POC KEV EUVD KEV THREAT Emergency

Fortinet FortiClientEMS contains a SQL injection vulnerability allowing unauthenticated attackers to execute unauthorized code through crafted requests to the management server.

NVD
CVSS 3.1
9.8
EPSS
94.1%
Threat
9.8
CVE-2024-2393 CRITICAL POC Act Now

A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crud Without Page Reload Refresh
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28553 CRITICAL POC Act Now

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28535 CRITICAL POC Act Now

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28114 CRITICAL POC PATCH Act Now

Peering Manager is a BGP session management tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Peering Manager
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2024-28121 HIGH POC PATCH This Week

stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Stimulusrelfex
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-28338 HIGH POC This Week

A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A8000Ru Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-28340 HIGH POC This Week

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Cbk40 Firmware Cbk43 Firmware Cbr40 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-28186 HIGH POC PATCH This Week

FreeScout is an open source help desk and shared inbox built with PHP. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Freescout
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2024-25325 HIGH POC This Week

SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-42789 CRITICAL Act Now

A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Buffer Overflow Memory Corruption Fortiproxy Fortios
NVD VulDB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-28113 MEDIUM POC PATCH This Month

Peering Manager is a BGP session management tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Peering Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2391 MEDIUM POC This Month

A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eve Ng
NVD VulDB Exploit-DB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-27317 CRITICAL PATCH Act Now

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Pulsar
NVD
CVSS 3.1
9.9
EPSS
56.9%
CVE-2024-27135 CRITICAL PATCH Act Now

Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Java Pulsar
NVD
CVSS 3.1
9.9
EPSS
6.0%
CVE-2024-24101 CRITICAL Act Now

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Scholars Tracking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-2406 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Gacjie Server
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24093 CRITICAL Act Now

SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Scholars Tracking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-21334 CRITICAL PATCH Act Now

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Open Management Infrastructure System Center Operations Manager
NVD
CVSS 3.1
9.8
EPSS
20.2%
CVE-2024-2394 CRITICAL Act Now

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Employee Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22039 CRITICAL PATCH Act Now

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Cerberus Pro En Engineering Tool Cerberus Pro En Fire Panel Fc72X Cerberus Pro En X200 Cloud Distribution Cerberus Pro En X300 Cloud Distribution +5
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-26001 CRITICAL Act Now

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-25996 CRITICAL Act Now

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-25995 CRITICAL Act Now

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-0386 HIGH PATCH Act Now

The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.6%.

XSS WordPress Weforms
NVD
CVSS 3.1
7.2
EPSS
12.6%
CVE-2024-28339 MEDIUM POC This Month

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Cbk40 Firmware Cbr40 Firmware Cbk43 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25331 CRITICAL Act Now

DIR-822 Rev. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow D-Link RCE
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-22127 CRITICAL Act Now

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection SAP Netweaver Application Server Java
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-21400 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Microsoft Confidental Containers
NVD
CVSS 3.1
9.0
EPSS
2.2%
CVE-2024-27894 HIGH PATCH This Week

The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Denial Of Service Pulsar
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-1138 HIGH This Week

The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-26198 HIGH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Exchange Server
NVD
CVSS 3.1
8.8
EPSS
6.8%
CVE-2024-26166 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-26165 HIGH This Week

Visual Studio Code Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Visual Studio Code
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-26164 HIGH PATCH This Week

Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python Microsoft Django Backend
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-26162 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-26161 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-26159 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-21451 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-21450 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-21444 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-21441 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-21440 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-21435 HIGH This Week

Windows OLE Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 11 22h2 Windows 11 23h2
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-21411 HIGH This Week

Skype for Consumer Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Skype
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-1527 HIGH This Week

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cms Made Simple
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-26288 HIGH This Week

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-27758 HIGH PATCH This Week

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.5%
CVE-2023-42790 HIGH This Week

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Buffer Overflow Stack Overflow Fortiproxy Fortios
NVD VulDB
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-28239 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Google Directus
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy