Skip to main content
CVE-2024-2690 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Discussion Forum Site
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2649 CRITICAL POC Act Now

A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29026 CRITICAL POC PATCH Act Now

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Owncast
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-1711 CRITICAL Act Now

The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-28179 CRITICAL PATCH Act Now

Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass RCE Jupyter Server Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-28395 CRITICAL Act Now

SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Bestkit Popup
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28392 CRITICAL Act Now

SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Abandoned Cart Reminder Pro
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1811 CRITICAL Act Now

A potential vulnerability has been identified in OpenText ArcSight Platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22081 CRITICAL Act Now

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Request Smuggling G5Dfr Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-22080 CRITICAL Act Now

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow G5Dfr Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25294 CRITICAL Act Now

An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Rebuild
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-29037 CRITICAL Act Now

datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Datahub Helm
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-29033 CRITICAL PATCH GHSA Act Now

OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Oauthenticator
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy