Skip to main content
CVE-2024-25510 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25508 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-32370 CRITICAL POC Act Now

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Mailinspector
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-4346 CRITICAL Act Now

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.2% and no vendor patch available.

WordPress PHP Path Traversal RCE
NVD
CVSS 3.1
9.1
EPSS
22.2%
CVE-2024-25514 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25511 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25509 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25507 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-4345 CRITICAL Act Now

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.0% and no vendor patch available.

WordPress File Upload RCE
NVD
CVSS 3.1
9.8
EPSS
15.0%
CVE-2024-33434 CRITICAL PATCH GHSA Act Now

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
5.6%
CVE-2024-33120 CRITICAL Act Now

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Roothub
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-4186 CRITICAL Act Now

The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-33164 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33155 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33153 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33124 CRITICAL Act Now

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Roothub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-33857 CRITICAL Act Now

An issue was discovered in Logpoint before 7.4.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Siem
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-33146 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-34346 CRITICAL PATCH Act Now

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Deno
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy