Skip to main content
CVE-2024-39915 CRITICAL Act Now

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-40524 CRITICAL Act Now

Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitrary code via the webtool\application.py component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-4143 CRITICAL Act Now

A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP RCE
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-40624 CRITICAL PATCH Act Now

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-40416 CRITICAL Act Now

A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-40415 CRITICAL Act Now

A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-40414 CRITICAL Act Now

A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-6744 CRITICAL Act Now

The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Secure Email Gateway
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-6743 CRITICAL Act Now

AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Space Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39736 CRITICAL Act Now

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38492 CRITICAL Act Now

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2024-36456 CRITICAL Act Now

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2024-36455 CRITICAL Act Now

An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy