Skip to main content
CVE-2024-27348 CRITICAL POC KEV PATCH THREAT Act Now

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apache Hugegraph
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.2%
CVE-2024-4040 CRITICAL POC KEV PATCH THREAT Act Now

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Ssti Crushftp
NVD GitHub
CVSS 3.1
10.0
EPSS
99.5%
CVE-2024-32041 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-32238 CRITICAL POC THREAT Act Now

H3C ER8300G2-X is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
53.2%
CVE-2024-31666 CRITICAL POC Act Now

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Flusity
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-32418 CRITICAL POC Act Now

An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP Flusity
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31545 CRITICAL POC Act Now

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Computer Laboratory Management System
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-32460 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-32459 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2024-32458 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-32040 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-32039 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-29661 CRITICAL Act Now

A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-27574 CRITICAL Act Now

SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-27349 CRITICAL PATCH Act Now

Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.0.0 before 1.3.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Hugegraph
NVD
CVSS 3.1
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy