Skip to main content
CVE-2024-27956 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.92.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.8%.

SQLi Automatic
NVD
CVSS 3.1
9.9
EPSS
93.8%
Threat
6.3
CVE-2024-2054 CRITICAL POC THREAT Emergency

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Artica Proxy
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
81.3%
CVE-2024-29243 CRITICAL POC Act Now

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lbt T300 Mini1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29864 CRITICAL POC PATCH Act Now

Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Distrobox
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-2014 CRITICAL POC Act Now

A vulnerability classified as critical was found in Panabit Panalog 202103080942. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Panalog
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-25239 CRITICAL POC Act Now

SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29859 CRITICAL PATCH Act Now

In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29858 CRITICAL PATCH Act Now

In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-1202 CRITICAL Act Now

Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-29876 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29875 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29874 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29873 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29872 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29871 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29870 CRITICAL Act Now

SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter./sentrifugo/index.php/index/getdepartments/format/html,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sentrifugo
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29732 CRITICAL Act Now

A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-27438 CRITICAL Act Now

Download of Code Without Integrity Check vulnerability in Apache Doris. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Doris
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-1148 CRITICAL Act Now

Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1147 CRITICAL Act Now

Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2161 CRITICAL Act Now

Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-28123 CRITICAL PATCH Act Now

Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Wasmi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-27922 CRITICAL PATCH Act Now

TOMP Bare Server implements the TompHTTP bare server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Tomp Bare Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29866 CRITICAL Act Now

Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Seq
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy