Skip to main content
CVE-2024-39932 CRITICAL POC PATCH THREAT Act Now

Gogs through 0.13.0 allows argument injection during the previewing of changes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Gogs
NVD GitHub
CVSS 3.1
9.9
EPSS
17.2%
CVE-2024-39930 CRITICAL POC PATCH Act Now

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Gogs
NVD GitHub Exploit-DB
CVSS 3.1
9.9
EPSS
7.3%
CVE-2024-39931 CRITICAL PATCH Act Now

Gogs through 0.13.0 allows deletion of internal files. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Gogs
NVD GitHub
CVSS 3.1
9.9
EPSS
50.7%
CVE-2024-39165 CRITICAL Act Now

QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE
NVD
CVSS 3.1
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy