Skip to main content
CVE-2023-37058 CRITICAL POC Act Now

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Jlink Ax1800 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-34833 CRITICAL POC Act Now

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Payroll Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-6047 CRITICAL POC KEV THREAT Act Now

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gv Dsp Lpr Firmware Gv Bx130 Firmware Gv Bx1500 Firmware Gv Cb220 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
10.1%
CVE-2024-37902 CRITICAL PATCH Act Now

DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-37057 CRITICAL Act Now

An issue in JLINK Unionman Technology Co. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-36543 CRITICAL Act Now

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36575 CRITICAL Act Now

A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36573 CRITICAL PATCH Act Now

almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-36582 CRITICAL Act Now

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36580 CRITICAL Act Now

A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-6057 CRITICAL Act Now

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Remote Desktop Manager
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-6048 CRITICAL Act Now

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-5163 CRITICAL Act Now

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy