Skip to main content
CVE-2024-32161 CRITICAL POC Act Now

jizhiCMS 2.5 suffers from a File upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jizhicms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-30990 CRITICAL POC Act Now

SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Client Management System
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-30985 CRITICAL POC Act Now

SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Client Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-30981 CRITICAL POC Act Now

SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cyber Cafe Management System
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-30980 CRITICAL POC Act Now

SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cyber Cafe Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-32318 CRITICAL POC Act Now

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-32286 CRITICAL POC Act Now

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-32301 CRITICAL POC Act Now

Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure Ac7 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3908 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac500 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
8.7%
CVE-2024-3907 CRITICAL POC Act Now

A vulnerability was found in Tenda AC500 2.0.1.9(1307). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-32340 CRITICAL POC Act Now

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-32514 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Poll Maker
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-3817 CRITICAL PATCH Act Now

HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Hashicorp Go Getter
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-21990 CRITICAL Act Now

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-31581 CRITICAL PATCH Act Now

FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ffmpeg Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-30982 CRITICAL Act Now

SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Cyber Cafe Management System
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-3909 CRITICAL Act Now

A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy