Skip to main content
CVE-2024-28383 CRITICAL POC Act Now

Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax12 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28388 CRITICAL POC Act Now

SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Product Comments
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-26503 CRITICAL POC Act Now

Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Openeclass
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2024-25139 CRITICAL Act Now

In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE TP-Link Omada Er605 Firmware
NVD GitHub
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-28423 CRITICAL Act Now

Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Airflow Diagrams
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28391 CRITICAL PATCH Act Now

SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation SQLi B2B Quick Order Form
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28390 CRITICAL Act Now

An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ultimateimagetool
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1222 CRITICAL Act Now

This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Papercut Mf Papercut Ng
NVD
CVSS 3.1
9.8
EPSS
64.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy