Skip to main content
CVE-2024-5910 CRITICAL POC KEV THREAT Emergency

Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Paloalto Expedition
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
91.8%
CVE-2024-6235 CRITICAL POC THREAT Act Now

Sensitive information disclosure in NetScaler Console. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Citrix Netscaler Console
NVD
CVSS 4.0
9.4
EPSS
21.3%
CVE-2024-4879 CRITICAL POC KEV THREAT Act Now

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Servicenow
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
100.0%
CVE-2024-5217 CRITICAL POC KEV THREAT Act Now

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Servicenow
NVD
CVSS 4.0
9.2
EPSS
99.6%
CVE-2024-6037 CRITICAL POC THREAT Act Now

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chuanhuchatgpt
NVD GitHub
CVSS 3.1
9.1
EPSS
10.6%
CVE-2024-6036 CRITICAL POC THREAT Act Now

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chuanhuchatgpt
NVD
CVSS 3.1
9.1
EPSS
10.8%
CVE-2024-37770 CRITICAL POC Act Now

14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE 14Finger
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-21524 CRITICAL POC Act Now

All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Stringbuilder
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-25077 CRITICAL Act Now

An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-37113 CRITICAL Act Now

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.26.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-6422 CRITICAL Act Now

An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oit700 F113 B12 Cb Firmware Oit500 F113 B12 Cb Firmware Oit200 F113 B12 Cb Firmware Oit1500 F113 B12 Cb Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37310 CRITICAL Act Now

EVerest is an EV charging software stack. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy