Skip to main content
CVE-2024-31673 CRITICAL POC Act Now

Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via the userid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Kliqqi Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33792 CRITICAL POC Act Now

netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mex605 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-33789 CRITICAL POC Act Now

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E5600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-33786 CRITICAL Act Now

An arbitrary file upload vulnerability in Zhongcheng Kexin Ticketing Management Platform 20.04 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-2410 CRITICAL Act Now

The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Protobuf
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-4466 CRITICAL Act Now

SQL injection vulnerability in Gescen on the centrosdigitales.net platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32986 CRITICAL Act Now

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Mozilla Microsoft
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy