Skip to main content
CVE-2024-41461 CRITICAL POC Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-41460 CRITICAL POC Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-41459 CRITICAL POC Act Now

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-41551 CRITICAL POC Act Now

CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-41662 CRITICAL POC PATCH Act Now

VNote is a note-taking platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Vnote
NVD GitHub
CVSS 3.1
9.6
EPSS
1.7%
CVE-2024-40422 CRITICAL POC THREAT Act Now

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Devika
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
11.4%
CVE-2024-36535 CRITICAL Act Now

Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Meshery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36533 CRITICAL PATCH Act Now

Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36536 CRITICAL Act Now

Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Fabedge
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36540 CRITICAL Act Now

Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure External Secrets Operator
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-36539 CRITICAL Act Now

Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Contour
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-6327 CRITICAL Act Now

In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Report Server
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-6096 CRITICAL Act Now

In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Telerik Reporting
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41914 CRITICAL Act Now

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
9.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy