Skip to main content
CVE-2024-28713 CRITICAL POC Act Now

An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Mblog
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-3041 CRITICAL POC Act Now

A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3040 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-30602 CRITICAL POC Act Now

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-30589 CRITICAL POC Act Now

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1202 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-30587 CRITICAL POC Act Now

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure Fh1202 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-30584 CRITICAL POC Act Now

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Fh1202 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-30596 CRITICAL POC Act Now

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the formSetDeviceName function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure Fh1202 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-30593 CRITICAL POC Act Now

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Fh1202 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-30595 CRITICAL POC Act Now

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1202 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3042 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Subscription Website 1.0 and classified as critical.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Subscription Website
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-30226 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.3.3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 11.8% and no vendor patch available.

Deserialization Betterdocs
NVD
CVSS 3.1
9.0
EPSS
11.8%
CVE-2024-30224 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.3.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Wholesalex
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-30225 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in WPENGINE, INC. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-30228 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2023-6437 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection TP-Link
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-29241 CRITICAL Act Now

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-3039 CRITICAL Act Now

A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Shanghai Brad Technology Bladex
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28015 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28014 CRITICAL Act Now

Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware +56
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28012 CRITICAL Act Now

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28011 CRITICAL Act Now

Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28010 CRITICAL Act Now

Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware +56
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28009 CRITICAL Act Now

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28008 CRITICAL Act Now

Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28007 CRITICAL Act Now

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wr8750N Firmware Aterm Wr8160N Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-30223 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.0.26. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Armember
NVD
CVSS 3.1
9.0
EPSS
1.1%
CVE-2024-2890 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-29100 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ai Engine
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-30227 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.6.4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy