Skip to main content
CVE-2024-28421 CRITICAL POC Act Now

SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Razor
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-2863 CRITICAL POC THREAT Act Now

This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Lg Led Assistant
NVD
CVSS 3.1
9.8
EPSS
64.0%
CVE-2024-2862 CRITICAL POC THREAT Act Now

This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lg Led Assistant
NVD
CVSS 3.1
9.8
EPSS
51.0%
CVE-2024-28386 CRITICAL Act Now

An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Fastmag Sync
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-2865 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-29666 CRITICAL Act Now

Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-29650 CRITICAL PATCH Act Now

An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-28393 CRITICAL PATCH Act Now

SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Scalapay
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2873 CRITICAL Act Now

A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wolfssh
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy