Skip to main content
CVE-2024-40502 CRITICAL POC Act Now

SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows aremote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-39250 CRITICAL POC Act Now

EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Timetrax
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2024-38944 CRITICAL POC Act Now

An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-39686 CRITICAL POC Act Now

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bert Vits2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-39685 CRITICAL POC Act Now

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bert Vits2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-41318 CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-41316 CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-38773 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.5.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Formlift For Infusionsoft Web Forms
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-6913 CRITICAL POC Act Now

Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.11.6507.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Processplus
NVD
CVSS 4.0
9.3
EPSS
1.4%
CVE-2024-6912 CRITICAL POC Act Now

Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.11.6507.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Processplus
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-6806 CRITICAL Act Now

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Veristand
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-6805 CRITICAL Act Now

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Information Disclosure Veristand
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-6794 CRITICAL Act Now

A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Veristand
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-6793 CRITICAL Act Now

A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Veristand
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-28698 CRITICAL PATCH Act Now

Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-41827 CRITICAL Act Now

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-21552 CRITICAL Act Now

All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38759 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Search Replace
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-41704 CRITICAL PATCH Act Now

LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Librechat
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-41703 CRITICAL PATCH Act Now

LibreChat through 0.7.4-rc1 has incorrect access control for message updates. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-37998 CRITICAL Act Now

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy