Skip to main content
CVE-2024-33275 CRITICAL Act Now

SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-33273 CRITICAL Act Now

SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33267 CRITICAL Act Now

SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-34048 CRITICAL PATCH Act Now

O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ric Plt E2Mgr
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3411 CRITICAL Act Now

Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-33308 CRITICAL Act Now

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Google
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy