Skip to main content
CVE-2024-3400 CRITICAL POC KEV THREAT Emergency

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection via arbitrary file creation (CVSS 10.0) allowing unauthenticated root-level RCE, triggering an emergency patching directive from CISA in April 2024.

NVD Exploit-DB
CVSS 3.1
10.0
EPSS
94.3%
Threat
9.8
CVE-2023-51409 CRITICAL POC THREAT Emergency

Unrestricted file upload in Jordy Meow's AI Engine: ChatGPT Chatbot plugin for WordPress (versions up to and including 1.9.98) allows remote attackers to upload arbitrary files of dangerous types, including executable PHP scripts, leading to remote code execution on the underlying web server. With a maximum CVSS score of 10.0, an EPSS score of 92.78% (100th percentile), and publicly available exploit code, this represents an extreme-priority issue for any WordPress site running the plugin.

File Upload Ai Engine
NVD GitHub
CVSS 3.1
10.0
EPSS
92.8%
Threat
6.3
CVE-2024-3691 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Small Crm
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-31818 CRITICAL POC Act Now

Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal PHP Derbynet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-28718 CRITICAL POC PATCH Act Now

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Magnum
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-3704 CRITICAL Act Now

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Opengnsys
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3685 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28878 CRITICAL Act Now

IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2024-30407 CRITICAL Act Now

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper
NVD
CVSS 4.0
9.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy