Skip to main content
CVE-2024-7332 CRITICAL POC THREAT Act Now

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cp450 Firmware
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
20.7%
CVE-2024-38770 CRITICAL Act Now

Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.22.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41961 CRITICAL Act Now

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.6
EPSS
0.6%
CVE-2024-39777 CRITICAL PATCH Act Now

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-7093 CRITICAL Act Now

Dispatch's notification service uses Jinja templates to generate messages to users. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-39619 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.9.4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal PHP
NVD VulDB
CVSS 3.1
9.0
EPSS
1.7%
CVE-2024-41259 CRITICAL Act Now

Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Navidrome
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-32758 CRITICAL Act Now

Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Exacqvision Client Exacqvision Server
NVD
CVSS 4.0
9.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy