Skip to main content
CVE-2024-32651 CRITICAL POC PATCH THREAT Act Now

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ssti
NVD GitHub
CVSS 3.1
10.0
EPSS
83.7%
CVE-2024-28322 CRITICAL POC Act Now

SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Event Management
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-33344 CRITICAL POC THREAT Act Now

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 822 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.9%
CVE-2024-0740 CRITICAL POC PATCH Act Now

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Target Management
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-3962 CRITICAL PATCH Act Now

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.5%.

WordPress File Upload RCE Product Addons Fields For Woocommerce
NVD
CVSS 3.1
9.8
EPSS
10.5%
CVE-2024-32766 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero Qutscloud
NVD
CVSS 3.1
10.0
EPSS
2.3%
CVE-2024-32764 CRITICAL Act Now

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Myqnapcloud Link
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-30804 CRITICAL Act Now

An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-32881 CRITICAL Act Now

Danswer is the AI Assistant connected to company's docs, apps, and people. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-31601 CRITICAL Act Now

An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-22633 CRITICAL Act Now

Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-22632 CRITICAL Act Now

Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-25343 CRITICAL Act Now

Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Tenda N300 Firmware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-33668 CRITICAL Act Now

An issue was discovered in Zammad before 6.3.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-33661 CRITICAL PATCH Act Now

Portainer before 2.20.0 allows redirects when the target is not index.yaml. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Portainer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy