Skip to main content
CVE-2024-6028 CRITICAL POC PATCH THREAT Act Now

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.3%.

SQLi WordPress Quiz Maker
NVD
CVSS 3.1
9.8
EPSS
80.3%
Threat
5.9
CVE-2024-37843 CRITICAL POC THREAT Act Now

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Craft Cms
NVD
CVSS 3.1
9.8
EPSS
51.3%
CVE-2024-4885 CRITICAL POC KEV THREAT Act Now

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Whatsup Gold
NVD
CVSS 3.1
9.8
EPSS
99.3%
CVE-2024-5806 CRITICAL POC THREAT Act Now

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
75.8%
CVE-2024-5276 CRITICAL POC THREAT Act Now

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filecatalyst Workflow
NVD
CVSS 3.1
9.1
EPSS
90.1%
CVE-2024-5261 CRITICAL Act Now

Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice
NVD
CVSS 4.0
10.0
EPSS
0.4%
CVE-2024-6297 CRITICAL Act Now

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress PHP
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2024-35527 CRITICAL Act Now

An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-21741 CRITICAL Act Now

GigaDevice GD32E103C8T6 devices have Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-4884 CRITICAL Act Now

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Whatsup Gold
NVD
CVSS 3.1
9.8
EPSS
24.3%
CVE-2024-4883 CRITICAL Act Now

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Whatsup Gold
NVD
CVSS 3.1
9.8
EPSS
64.8%
CVE-2024-39462 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-4641 CRITICAL Act Now

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oncell G3470A Lte Us T Firmware Oncell G3470A Lte Eu Firmware Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Us Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-4197 CRITICAL Act Now

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft File Upload Ip Office
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-4196 CRITICAL Act Now

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Ip Office
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-6060 CRITICAL Act Now

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-5989 CRITICAL Act Now

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell SQLi Thinmanager Thinserver
NVD
CVSS 4.0
9.3
EPSS
2.4%
CVE-2024-5988 CRITICAL Act Now

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Thinmanager Thinserver
NVD
CVSS 4.0
9.3
EPSS
2.7%
CVE-2024-5805 CRITICAL Act Now

Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.0.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moveit Gateway
NVD
CVSS 3.1
9.1
EPSS
7.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy