Skip to main content
CVE-2024-6220 CRITICAL POC PATCH THREAT Act Now

The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.4%.

File Upload WordPress RCE Keydatas
NVD
CVSS 3.1
9.8
EPSS
70.4%
Threat
5.6
CVE-2024-20419 CRITICAL POC THREAT Act Now

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Smart Software Manager On Prem
NVD GitHub Exploit-DB
CVSS 3.1
10.0
EPSS
80.6%
CVE-2024-20401 CRITICAL Act Now

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Secure Email Gateway
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-5471 CRITICAL Act Now

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoho Manageengine Ddi Central
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-36491 CRITICAL Act Now

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Futurenet Nxr 1300 Firmware Futurenet Nxr 155 C Firmware Futurenet Nxr 610X Firmware Futurenet Nxr G050 Firmware +18
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-31070 CRITICAL Act Now

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Futurenet Nxr 1300 Firmware Futurenet Nxr 155 C Firmware Futurenet Nxr 610X Firmware Futurenet Nxr G050 Firmware +18
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-6834 CRITICAL Act Now

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Java
NVD GitHub
CVSS 3.1
9.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy