Skip to main content
CVE-2024-40110 CRITICAL POC Act Now

Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Poultry Farm Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-40542 CRITICAL POC Act Now

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi My Springsecurity Plus
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-40541 CRITICAL POC Act Now

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi My Springsecurity Plus
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-40540 CRITICAL POC Act Now

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi My Springsecurity Plus
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-40539 CRITICAL POC Act Now

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi My Springsecurity Plus
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-39914 CRITICAL POC PATCH THREAT Act Now

FOG is a cloning/imaging/rescue suite/inventory management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Command Injection Fogproject
NVD GitHub
CVSS 3.1
9.8
EPSS
23.4%
CVE-2024-6396 CRITICAL POC THREAT Act Now

A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Aim
NVD
CVSS 3.0
9.8
EPSS
53.1%
CVE-2024-6328 CRITICAL PATCH Act Now

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Google WordPress Authentication Bypass Mstore Api
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37927 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation.7.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-39917 CRITICAL PATCH Act Now

xrdp is an open source RDP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xrdp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36522 CRITICAL PATCH Act Now

The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Wicket
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-37933 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anhvnit Woocommerce OpenPos.4.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2024-38736 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.14.13. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-38734 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft File Upload
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy