Skip to main content
CVE-2024-6782 CRITICAL POC THREAT Emergency

Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
83.4%
CVE-2024-6886 CRITICAL POC PATCH THREAT Act Now

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS.22.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitea
NVD GitHub
CVSS 4.0
10.0
EPSS
40.3%
CVE-2024-39227 CRITICAL POC Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Mt6000 Firmware A1300 Firmware X300B Firmware +25
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-41616 CRITICAL POC Act Now

D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-39228 CRITICAL POC Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39226 CRITICAL POC THREAT Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
9.8
EPSS
20.6%
CVE-2024-39225 CRITICAL POC THREAT Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
9.8
EPSS
14.5%
CVE-2024-28740 CRITICAL POC Act Now

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Koha
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-33897 CRITICAL POC Act Now

A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ewon Cosy Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-30170 CRITICAL POC Act Now

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privx
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-42395 CRITICAL Act Now

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-42394 CRITICAL Act Now

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42393 CRITICAL Act Now

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-23483 CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Command Injection Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-6359 CRITICAL Act Now

Privilege escalation vulnerability identified in OpenText ArcSight Intelligence. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Arcsight Intelligence
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-33974 CRITICAL Act Now

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33960 CRITICAL Act Now

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-6202 CRITICAL Act Now

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Haloitsm
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5828 CRITICAL Act Now

Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.8.7-00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Tuning Manager
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-7519 CRITICAL Act Now

Insufficient checks when processing graphics shared memory could have led to memory corruption. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Firefox Esr +1
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2024-41270 CRITICAL PATCH Act Now

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gorush
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy