Skip to main content
CVE-2024-4898 CRITICAL POC PATCH THREAT Act Now

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.1%.

Authentication Bypass WordPress Instawp Connect
NVD
CVSS 3.1
9.8
EPSS
90.1%
Threat
6.2
CVE-2024-36761 CRITICAL POC Act Now

naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Wgpu Naga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-36265 CRITICAL Act Now

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Submarine
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37036 CRITICAL Act Now

when sending a malformed POST request and particular configuration parameters are set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Buffer Overflow Memory Corruption Sage Rtu Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36264 CRITICAL PATCH Act Now

** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Submarine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-1659 CRITICAL Act Now

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication.10. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Megabip
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-1577 CRITICAL Act Now

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE Megabip
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-1576 CRITICAL Act Now

SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Megabip
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-36840 CRITICAL Act Now

SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP RCE
NVD VulDB
CVSS 3.1
9.1
EPSS
2.2%
CVE-2024-4315 CRITICAL PATCH Act Now

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft
NVD GitHub
CVSS 3.0
9.1
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy