Skip to main content
CVE-2024-6695 CRITICAL POC Act Now

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Profile Builder
NVD WPScan
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-6255 CRITICAL POC THREAT Act Now

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Chuanhuchatgpt
NVD
CVSS 3.1
9.1
EPSS
13.1%
CVE-2024-38182 CRITICAL Act Now

Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Dynamics 365
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41660 CRITICAL Act Now

slpd-lite is a unicast SLP UDP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-39950 CRITICAL Act Now

A vulnerability has been found in Dahua products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware +56
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-7205 CRITICAL Act Now

When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-6980 CRITICAL Act Now

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Information Disclosure Gravityzone
NVD
CVSS 4.0
9.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy