Skip to main content
CVE-2024-35374 CRITICAL POC PATCH Act Now

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Mocodo Online
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-35373 CRITICAL POC Act Now

Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Mocodo Online
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-35339 CRITICAL POC Act Now

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection Tenda RCE Fh1206 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-31510 CRITICAL POC Act Now

An issue in Open Quantum Safe liboqs v.10.0 allows a remote attacker to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Liboqs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-5315 CRITICAL POC THREAT Act Now

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Dolibarr Erp Crm
NVD
CVSS 3.1
9.1
EPSS
32.9%
CVE-2024-35396 CRITICAL Act Now

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cp900L Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-4544 CRITICAL Act Now

The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-35387 CRITICAL Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
6.1%
CVE-2024-35592 CRITICAL Act Now

An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS File Upload
NVD GitHub
CVSS 3.1
9.6
EPSS
0.6%
CVE-2024-5314 CRITICAL Act Now

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Dolibarr Erp Crm
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy