Skip to main content
CVE-2024-22476 CRITICAL POC THREAT Act Now

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Intel
NVD GitHub
CVSS 3.1
10.0
EPSS
33.4%
CVE-2024-4326 CRITICAL POC PATCH Act Now

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Lollms Web Ui
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2024-2358 CRITICAL POC Act Now

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Lollms Web Ui
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2024-2361 CRITICAL POC Act Now

A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lollms Web Ui
NVD
CVSS 3.0
9.6
EPSS
0.6%
CVE-2024-2366 CRITICAL POC Act Now

A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Command Injection Lollms Web Ui
NVD
CVSS 3.0
9.0
EPSS
0.7%
CVE-2024-4223 CRITICAL PATCH Act Now

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Tutor Lms
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-4992 CRITICAL Act Now

Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Siadmin
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-4991 CRITICAL Act Now

Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Siadmin
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-4078 CRITICAL PATCH Act Now

A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2024-4999 CRITICAL Act Now

A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.95-2; PRO:. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
12.2%
CVE-2024-5023 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection.4.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
0.9%
CVE-2024-4826 CRITICAL Act Now

SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-35187 CRITICAL Act Now

Stalwart Mail Server is an open-source mail server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy