Skip to main content
CVE-2024-3116 CRITICAL POC PATCH THREAT Act Now

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
64.8%
CVE-2024-21894 CRITICAL POC THREAT Act Now

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ivanti Memory Corruption Connect Secure +1
NVD
CVSS 3.1
9.8
EPSS
19.0%
CVE-2024-3315 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3273 CRITICAL POC KEV THREAT Act Now

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 320L Firmware Dns 120 Firmware Dnr 202L Firmware +17
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2024-3272 CRITICAL POC KEV THREAT Act Now

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403.cgi of the component HTTP GET. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dns 320L Firmware Dns 120 Firmware Dnr 202L Firmware +17
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
98.0%
CVE-2024-30264 CRITICAL POC PATCH Act Now

Typebot is an open-source chatbot builder. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Typebot
NVD GitHub
CVSS 3.1
9.3
EPSS
0.8%
CVE-2024-2692 CRITICAL POC Act Now

SiYuan version 3.0.3 allows executing arbitrary commands on the server. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Siyuan
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%
CVE-2024-28787 CRITICAL Act Now

IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Application Gateway Security Verify Access
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-25693 CRITICAL Act Now

There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Portal For Arcgis
NVD
CVSS 3.1
9.9
EPSS
1.3%
CVE-2024-31211 CRITICAL Act Now

WordPress is an open publishing platform for the Web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE WordPress
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-27981 CRITICAL Act Now

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ubiquiti
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-3314 CRITICAL Act Now

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29006 CRITICAL Act Now

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cloudstack
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29375 CRITICAL Act Now

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy