Skip to main content
CVE-2024-31615 CRITICAL POC Act Now

ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Thinkcmf
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-22391 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Grassroots Dicom Fedora
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-22373 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Grassroots Dicom Fedora
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-0916 CRITICAL Act Now

Unauthenticated file upload allows remote code execution.0.0 through 1.1.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
10.0
EPSS
1.0%
CVE-2023-51482 CRITICAL Act Now

Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2023-51484 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in wp-buy Login as User or Customer (User Switching) login-as-customer-or-user allows Privilege Escalation.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-51478 CRITICAL Act Now

Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.0.19. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Build App Online
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-4165 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow G3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-4164 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.17(9502). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow G3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-4173 CRITICAL Act Now

A vulnerability in Brocade SANnav exposes Kafka in the wan interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-30560 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.0.4. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-31266 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.4.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Code Injection
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-22144 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.21.96. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
9.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy