Skip to main content
CVE-2024-23692 CRITICAL POC KEV THREAT Emergency

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ssti Http File Server
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.5%
CVE-2024-31030 CRITICAL POC Act Now

An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Freecoap
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-33999 CRITICAL PATCH Act Now

The referrer URL used by MFA required additional sanitizing, rather than being used directly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36108 CRITICAL Act Now

casgate is an Open Source Identity and Access Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36246 CRITICAL Act Now

Missing authorization vulnerability exists in Unifier and Unifier Cast. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32850 CRITICAL Act Now

Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-5176 CRITICAL Act Now

Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.9.4.1 and prior. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-1275 CRITICAL Act Now

Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.52. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.1
EPSS
0.4%
CVE-2024-37018 CRITICAL Act Now

The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy