Skip to main content
CVE-2024-34082 CRITICAL POC PATCH Act Now

Grav is a file-based Web platform. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Grav
NVD GitHub
CVSS 3.1
9.9
EPSS
3.1%
CVE-2024-34955 CRITICAL POC Act Now

Code-projects Budget Management 1.0 is vulnerable to SQL Injection via the delete parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Budget Management
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-4947 CRITICAL POC KEV THREAT Act Now

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
9.6
EPSS
15.1%
CVE-2024-32888 CRITICAL PATCH Act Now

The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs) available in the Java Platform,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java PostgreSQL
NVD GitHub
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-34025 CRITICAL Act Now

CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33625 CRITICAL Act Now

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32053 CRITICAL Act Now

Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32047 CRITICAL Act Now

Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powerpanel
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-3968 CRITICAL Act Now

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Imanager
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3967 CRITICAL Act Now

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Imanager
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3488 CRITICAL Act Now

File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Imanager
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-3487 CRITICAL Act Now

Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Imanager
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-3486 CRITICAL Act Now

XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure XXE Imanager
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-3484 CRITICAL Act Now

Path Traversal found in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Imanager
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-3483 CRITICAL Act Now

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Command Injection Imanager
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-4893 CRITICAL Act Now

DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3319 CRITICAL Act Now

An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy