Skip to main content
CVE-2024-38856 CRITICAL POC KEV PATCH THREAT Act Now

Incorrect Authorization vulnerability in Apache OFBiz.12.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Ofbiz
NVD
CVSS 3.1
9.8
EPSS
99.4%
CVE-2024-42009 CRITICAL POC KEV EUVD KEV THREAT Act Now

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Webmail
NVD GitHub
CVSS 3.1
9.3
EPSS
83.4%
CVE-2024-40498 CRITICAL Act Now

SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-42447 CRITICAL PATCH Act Now

Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Fab
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41889 CRITICAL Act Now

Multiple Pimax products accept WebSocket connections from unintended endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Pitool Play
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-6915 CRITICAL Act Now

JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.3
EPSS
0.6%
CVE-2024-42008 CRITICAL Act Now

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webmail
NVD GitHub
CVSS 3.1
9.3
EPSS
33.9%
CVE-2024-7397 CRITICAL Act Now

Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.4%
CVE-2024-7395 CRITICAL Act Now

An authentication bypass vulnerability in Korenix JetPort 5601v3 allows an attacker to access functionality on the device without specifying a password.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.9%
CVE-2024-6118 CRITICAL Act Now

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meetinghub Paperless Meetings
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-6117 CRITICAL Act Now

A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Meetinghub Paperless Meetings
NVD
CVSS 4.0
9.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy