Skip to main content
CVE-2024-28189 CRITICAL POC Emergency

Judge0 is an open-source online code execution system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
7.2%
CVE-2024-28185 CRITICAL POC Emergency

Judge0 is an open-source online code execution system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
7.1%
CVE-2024-30923 CRITICAL POC Act Now

SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE SQLi Derbynet
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-30922 CRITICAL POC Act Now

SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Derbynet
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-3948 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Home Clean Service System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Library System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-32599 CRITICAL Act Now

Remote code execution in the WP Dummy Content Generator WordPress plugin (versions up to and including 3.2.1) allows unauthenticated attackers to inject and execute arbitrary code due to improper input handling (CWE-94). With a maximum CVSS score of 10.0 and a scope-changing vector, successful exploitation grants full compromise of the WordPress site and underlying host context; no public exploit identified at time of analysis, while EPSS sits at 0.72% (72nd percentile).

Code Injection RCE
NVD VulDB
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-49742 CRITICAL Act Now

Missing Authorization vulnerability in Support Genix.2.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.9
EPSS
1.0%
CVE-2024-30564 CRITICAL PATCH Act Now

An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-2796 CRITICAL Act Now

A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2024-29021 CRITICAL Act Now

Judge0 is an open-source online code execution system. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF RCE
NVD GitHub
CVSS 3.1
9.0
EPSS
20.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy