Skip to main content
CVE-2023-48788 CRITICAL POC KEV EUVD KEV THREAT Emergency

Fortinet FortiClientEMS contains a SQL injection vulnerability allowing unauthenticated attackers to execute unauthorized code through crafted requests to the management server.

NVD
CVSS 3.1
9.8
EPSS
94.1%
Threat
9.8
CVE-2024-2393 CRITICAL POC Act Now

A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crud Without Page Reload Refresh
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28553 CRITICAL POC Act Now

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28535 CRITICAL POC Act Now

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28114 CRITICAL POC PATCH Act Now

Peering Manager is a BGP session management tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Peering Manager
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2023-42789 CRITICAL Act Now

A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Buffer Overflow Memory Corruption Fortiproxy Fortios
NVD VulDB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-27317 CRITICAL PATCH Act Now

In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Pulsar
NVD
CVSS 3.1
9.9
EPSS
56.9%
CVE-2024-27135 CRITICAL PATCH Act Now

Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache Java Pulsar
NVD
CVSS 3.1
9.9
EPSS
6.0%
CVE-2024-24101 CRITICAL Act Now

Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Scholars Tracking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-2406 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Gacjie Server
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24093 CRITICAL Act Now

SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Scholars Tracking System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-21334 CRITICAL PATCH Act Now

Open Management Infrastructure (OMI) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Open Management Infrastructure System Center Operations Manager
NVD
CVSS 3.1
9.8
EPSS
20.2%
CVE-2024-2394 CRITICAL Act Now

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Employee Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22039 CRITICAL PATCH Act Now

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Cerberus PRO EN Fire Panel FC72x IP7 (All. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Cerberus Pro En Engineering Tool Cerberus Pro En Fire Panel Fc72X Cerberus Pro En X200 Cloud Distribution Cerberus Pro En X300 Cloud Distribution +5
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-26001 CRITICAL Act Now

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-25996 CRITICAL Act Now

An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-25995 CRITICAL Act Now

An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-25331 CRITICAL Act Now

DIR-822 Rev. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow D-Link RCE
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-22127 CRITICAL Act Now

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection SAP Netweaver Application Server Java
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-21400 CRITICAL PATCH Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Microsoft Confidental Containers
NVD
CVSS 3.1
9.0
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy