Skip to main content
CVE-2024-5827 CRITICAL POC Act Now

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Python
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2024-39704 CRITICAL POC Act Now

Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Melty Blood Actress Again Current Code
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-38371 CRITICAL Act Now

authentik is an open-source Identity Provider. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3816 CRITICAL Act Now

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi S M Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-30110 CRITICAL Act Now

HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Dryice Aex
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-39349 CRITICAL Act Now

A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Synology Bc500 Firmware Tc500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-37282 CRITICAL Act Now

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Cloud Enterprise
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37371 CRITICAL PATCH Act Now

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Kerberos 5 Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy