Skip to main content
CVE-2024-37858 CRITICAL POC Act Now

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-6366 CRITICAL POC THREAT Act Now

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Profile Builder
NVD WPScan
CVSS 3.1
9.1
EPSS
29.0%
CVE-2024-41799 CRITICAL PATCH Act Now

tgstation-server is a production scale tool for BYOND server management. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Tgstation Server
NVD GitHub
CVSS 3.1
9.9
EPSS
1.2%
CVE-2024-6576 CRITICAL Act Now

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-7202 CRITICAL Act Now

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Winmatrix3
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-7201 CRITICAL Act Now

The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Winmatrix3
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-5670 CRITICAL Act Now

The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sn Os
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-28805 CRITICAL Act Now

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass I Mcs Nfv
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy