Skip to main content
CVE-2024-6127 CRITICAL POC THREAT Emergency

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
9.8
EPSS
10.3%
CVE-2024-5980 CRITICAL POC PATCH MAL Act Now

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Pytorch Lightning
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-5822 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Chuanhuchatgpt
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5535 CRITICAL Act Now

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
5.1%
CVE-2024-6071 CRITICAL Act Now

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-2973 CRITICAL Act Now

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper
NVD
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-3330 CRITICAL Act Now

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Microsoft
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-0947 CRITICAL Act Now

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-0949 CRITICAL Act Now

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass.0.68. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-1107 CRITICAL Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.0.68. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Travel Apps
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-39705 CRITICAL PATCH Act Now

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-36072 CRITICAL Act Now

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-39208 CRITICAL Act Now

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-5826 CRITICAL Act Now

In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2024-5751 CRITICAL PATCH MAL Act Now

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google Litellm
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-35260 CRITICAL Act Now

An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Power Platform
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-39669 CRITICAL Act Now

In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java RCE
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-36059 CRITICAL Act Now

Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
9.4
EPSS
0.7%
CVE-2024-2882 CRITICAL Act Now

SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-39376 CRITICAL Act Now

TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated permissions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Markoni D Compact Firmware Markoni Dh Exciter Amplifiers Firmware
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-39375 CRITICAL Act Now

TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Markoni D Compact Firmware Markoni Dh Exciter Amplifiers Firmware
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-39374 CRITICAL Act Now

TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Markoni D Compact Firmware Markoni Dh Exciter Amplifiers Firmware
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-39373 CRITICAL Act Now

TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Markoni D Compact Firmware Markoni Dh Exciter Amplifiers Firmware
NVD
CVSS 4.0
9.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy