Skip to main content
CVE-2024-3408 CRITICAL POC THREAT Emergency

man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Python D Tale
NVD GitHub
CVSS 3.1
9.8
EPSS
78.0%
CVE-2024-4320 CRITICAL POC THREAT Act Now

A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Lollms Web Ui
NVD
CVSS 3.1
9.8
EPSS
34.4%
CVE-2024-3429 CRITICAL POC PATCH THREAT Act Now

A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Microsoft Authentication Bypass Information Disclosure Denial Of Service +1
NVD GitHub
CVSS 3.1
9.8
EPSS
28.3%
CVE-2024-3322 CRITICAL POC PATCH Act Now

A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Lollms Web Ui
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3234 CRITICAL POC PATCH Act Now

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Chuanhuchatgpt
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2024-2624 CRITICAL POC PATCH Act Now

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Information Disclosure File Upload Lollms Web Ui
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-2360 CRITICAL POC Act Now

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Lollms Web Ui
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-2359 CRITICAL POC Act Now

A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lollms Web Ui
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-5482 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Lollms Web Ui
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-5452 CRITICAL POC PATCH THREAT MAL Act Now

A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pytorch Lightning
NVD GitHub
CVSS 3.1
9.8
EPSS
26.5%
CVE-2024-3104 CRITICAL POC PATCH Act Now

A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Denial Of Service Anythingllm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-34832 CRITICAL POC Act Now

Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Cubecart
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2024-36779 CRITICAL POC Act Now

Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Stock Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3166 CRITICAL POC PATCH Act Now

A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Anythingllm Desktop Anythingllm Docker
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2024-3033 CRITICAL POC PATCH Act Now

An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Anythingllm
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-5328 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Lunary
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2024-2362 CRITICAL POC Act Now

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Lollms Web Ui
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2024-5153 CRITICAL PATCH Act Now

The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Startklar Elmentor Addons
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2024-22074 CRITICAL Act Now

Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dynamsoft Service
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-1881 CRITICAL PATCH Act Now

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Autogpt Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-36736 CRITICAL Act Now

An issue in the oneflow.permute component of OneFlow-Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oneflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-5675 CRITICAL Act Now

Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Mentor
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36394 CRITICAL Act Now

SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sysaid
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-36393 CRITICAL Act Now

SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sysaid
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-4177 CRITICAL Act Now

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-24192 CRITICAL Act Now

robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Robdns
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-1873 CRITICAL Act Now

parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Lollms Web Ui
NVD GitHub
CVSS 3.1
9.1
EPSS
13.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy