Skip to main content
CVE-2024-33375 CRITICAL POC Act Now

LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bl W1210M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37637 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3080 CRITICAL POC THREAT Act Now

Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
43.5%
CVE-2024-37642 CRITICAL POC THREAT Act Now

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck . Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
11.4%
CVE-2024-4936 CRITICAL PATCH Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.5%.

LFI PHP WordPress RCE Canto
NVD
CVSS 3.1
9.8
EPSS
11.5%
CVE-2024-5577 CRITICAL Act Now

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP WordPress RCE
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-37831 CRITICAL Act Now

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Payroll Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33374 CRITICAL Act Now

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5671 CRITICAL Act Now

Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-3912 CRITICAL Act Now

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-27174 CRITICAL Act Now

Remote Command program allows an attacker to get Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-27173 CRITICAL Act Now

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Python
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2024-27172 CRITICAL Act Now

Remote Command program allows an attacker to get Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
9.8
EPSS
26.8%
CVE-2024-27145 CRITICAL Act Now

The Toshiba printers provide several ways to upload files using the admin web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-27144 CRITICAL Act Now

The Toshiba printers provide several ways to upload files using the web interface without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-27143 CRITICAL Act Now

Toshiba printers use SNMP for configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-2472 CRITICAL Act Now

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Latepoint
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2024-34539 CRITICAL Act Now

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy