Skip to main content
CVE-2024-39011 CRITICAL POC Act Now

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Prototype Pollution Chargeover Redoc
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38983 CRITICAL POC Act Now

Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Mini Deep Assign
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-39012 CRITICAL POC Act Now

ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Strategyen
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-39010 CRITICAL POC Act Now

chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Snapstate
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38986 CRITICAL POC PATCH Act Now

Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Deep Merge
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-38984 CRITICAL POC Act Now

Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Json Override
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-36572 CRITICAL POC Act Now

Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Formmanager Data Handler
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-5765 CRITICAL POC THREAT Act Now

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wpstickybar
NVD WPScan
CVSS 3.1
9.8
EPSS
27.4%
CVE-2024-5975 CRITICAL POC Act Now

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Cz Loan Management
NVD WPScan
CVSS 3.1
9.1
EPSS
2.0%
CVE-2024-38909 CRITICAL Act Now

Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elfinder
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41611 CRITICAL Act Now

In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 860L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-41610 CRITICAL Act Now

D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 820Lw Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-3930 CRITICAL Act Now

In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Akana Api
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-41702 CRITICAL Act Now

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Siberiancms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-38432 CRITICAL Act Now

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tafnit
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-6699 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ma7 Firmware
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy