Skip to main content
CVE-2024-32128 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin.14.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

SQLi
NVD
CVSS 3.1
9.3
EPSS
11.0%
CVE-2024-28557 CRITICAL POC Act Now

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Php Task Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-28556 CRITICAL POC Act Now

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Php Task Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-28056 CRITICAL POC PATCH Act Now

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Authentication Bypass Amplify Cli
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-3797 CRITICAL POC Act Now

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Qr Code Bookmark System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3770 CRITICAL POC Act Now

A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3769 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-31650 CRITICAL POC Act Now

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
9.6
EPSS
0.8%
CVE-2024-23486 CRITICAL Act Now

Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wsr 2533Dhp Firmware Wsr 2533Dhpl Firmware Wsr 2533Dhp2 Firmware Wsr A2533Dhp2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3701 CRITICAL Act Now

The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hios
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3777 CRITICAL Act Now

The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qbibot
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-29844 CRITICAL Act Now

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evolution
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-29836 CRITICAL Act Now

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Evolution
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24486 CRITICAL Act Now

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ds 600 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-3781 CRITICAL Act Now

Command injection vulnerability in the operating system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wbsairback
NVD
CVSS 3.1
9.1
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy