Skip to main content
CVE-2024-36401 CRITICAL POC KEV PATCH THREAT Act Now

GeoServer is an open source server that allows users to share and edit geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Geoserver Geotools
NVD GitHub
CVSS 3.1
9.8
EPSS
99.8%
CVE-2024-38366 CRITICAL POC THREAT Act Now

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trunk Cocoapods Org
NVD GitHub
CVSS 3.1
10.0
EPSS
17.8%
CVE-2024-39251 CRITICAL POC Act Now

An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE
NVD GitHub
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-37762 CRITICAL POC Act Now

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Machform
NVD GitHub
CVSS 3.1
9.9
EPSS
1.5%
CVE-2024-28200 CRITICAL POC Act Now

The N-central server is vulnerable to an authentication bypass of the user interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass N Central
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-39236 CRITICAL POC Act Now

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Gradio
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38996 CRITICAL POC PATCH Act Now

ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Ag Grid
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-38993 CRITICAL POC Act Now

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Denial Of Service Jsonic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38367 CRITICAL POC PATCH THREAT Act Now

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trunk Cocoapods Org
NVD GitHub
CVSS 3.1
9.6
EPSS
11.1%
CVE-2024-39008 CRITICAL PATCH Act Now

robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-38999 CRITICAL PATCH Act Now

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-39309 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Node.js
NVD GitHub
CVSS 3.1
9.8
EPSS
20.2%
CVE-2024-38513 CRITICAL PATCH Act Now

Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Session Fixation Fiber
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-6376 CRITICAL PATCH Act Now

MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling.42.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Compass
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-39017 CRITICAL Act Now

agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Denial Of Service
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39015 CRITICAL Act Now

cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Denial Of Service
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39014 CRITICAL Act Now

ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39013 CRITICAL Act Now

2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE Denial Of Service
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-20080 CRITICAL Act Now

In gnss service, there is a possible escalation of privilege due to improper certificate validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Yocto Rdk B Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-20078 CRITICAL Act Now

In venc, there is a possible out of bounds write due to type confusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-38368 CRITICAL PATCH Act Now

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Trunk Cocoapods Org
NVD GitHub
CVSS 3.1
9.3
EPSS
14.9%
CVE-2024-5322 CRITICAL Act Now

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass N Central
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-39305 CRITICAL PATCH Act Now

Envoy is a cloud-native, open source edge and service proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-21456 CRITICAL PATCH Act Now

Information Disclosure while parsing beacon frame in STA. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Fastconnect 7800 Firmware Qam8255p Firmware +39
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-6425 CRITICAL Act Now

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mesbook
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy