Skip to main content
CVE-2024-38887 CRITICAL POC Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Caterease
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-7314 CRITICAL POC THREAT Act Now

anji-plus AJ-Report is affected by an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Report
NVD GitHub
CVSS 3.1
9.8
EPSS
51.5%
CVE-2024-41127 CRITICAL POC PATCH Act Now

Monkeytype is a minimalistic and customizable typing test. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Monkeytype
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2024-38882 CRITICAL Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection SQLi Caterease
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-38889 CRITICAL Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Caterease
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38886 CRITICAL Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Caterease
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-36268 CRITICAL PATCH Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.10.0 through 1.12.0, which could lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Apache RCE Inlong
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-38883 CRITICAL Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caterease
NVD VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-42461 CRITICAL PATCH Act Now

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy