Skip to main content
CVE-2024-37014 CRITICAL POC PATCH Act Now

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Langflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-36412 CRITICAL POC Act Now

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2024-32167 CRITICAL POC Act Now

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Online Medicine Ordering System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-31611 CRITICAL POC Act Now

SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Seacms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-34762 CRITICAL Act Now

Vulnerability discovered by executing a planned security audit. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-35746 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.1.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Buddypress Cover
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-35677 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.3.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Mega Menu
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-35735 CRITICAL Act Now

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.2.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-22298 CRITICAL Act Now

Missing Authorization vulnerability in TMS Amelia ameliabooking.0.98. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Amelia
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-35307 CRITICAL Act Now

Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Pandora Fms
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2024-35304 CRITICAL Act Now

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-3700 CRITICAL Act Now

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Simple Care
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-3699 CRITICAL Act Now

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Gabinet
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-1228 CRITICAL Act Now

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Przychodnia
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-35658 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Checkout Field Editor For Woocommerce
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-36417 CRITICAL Act Now

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy