Skip to main content
CVE-2024-32113 CRITICAL POC KEV PATCH THREAT Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.12.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Apache Ofbiz
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.4%
CVE-2024-34257 CRITICAL POC Act Now

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2024-25532 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-25531 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25530 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25529 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-4654 CRITICAL POC Act Now

A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinical Browsing System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25525 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25523 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25520 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25519 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at /WorkFlow/wf_work_print.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25517 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25533 CRITICAL POC Act Now

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.7%
CVE-2024-25527 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.5%
CVE-2024-25524 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25522 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25521 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25518 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-4393 CRITICAL Act Now

The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-31961 CRITICAL Act Now

A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-26579 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache InLong.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Inlong
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-32980 CRITICAL PATCH Act Now

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy