Skip to main content
CVE-2024-7593 CRITICAL POC KEV PATCH THREAT Act Now

Authentication bypass in Ivanti Virtual Traffic Manager (vTM) admin panel allows remote unauthenticated attackers to gain administrative access to the appliance due to a flawed authentication algorithm implementation. The flaw is confirmed actively exploited (CISA KEV) with an EPSS score of 94.44% (100th percentile), placing it among the highest-risk vulnerabilities currently tracked. All vTM releases other than 22.2R1 and 22.7R2 are affected.

Authentication Bypass Ivanti
NVD
CVSS 3.1
9.8
EPSS
94.4%
Threat
7.8
CVE-2024-7094 CRITICAL Emergency

The JS Help Desk - The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 72.0% and no vendor patch available.

PHP RCE WordPress CSRF Code Injection
NVD
CVSS 3.1
9.8
EPSS
72.0%
Threat
4.1
CVE-2024-43160 CRITICAL POC Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.7.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
4.6%
CVE-2024-28986 CRITICAL POC KEV THREAT CERT-EU Act Now

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
84.6%
CVE-2024-41623 CRITICAL Act Now

An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE D8801 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-43153 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.4.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-7569 CRITICAL PATCH Act Now

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ivanti Neurons For Itsm
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-38199 CRITICAL PATCH Act Now

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +14
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-38140 CRITICAL PATCH Act Now

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +14
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2024-38063 CRITICAL PATCH Act Now

Windows TCP/IP Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
9.8
EPSS
70.6%
CVE-2024-6788 CRITICAL Act Now

A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43141 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.5.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-41730 CRITICAL Act Now

In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Business Objects Business Intelligence Platform
NVD
CVSS 3.1
9.8
EPSS
75.9%
CVE-2024-7746 CRITICAL Act Now

Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Traccar
NVD
CVSS 4.0
9.5
EPSS
0.5%
CVE-2024-41940 CRITICAL Act Now

A vulnerability has been identified in SINEC NMS (All versions < V3.0). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinec Nms
NVD
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-38108 CRITICAL PATCH Act Now

Azure Stack Hub Spoofing Vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Stack Hub
NVD
CVSS 3.1
9.3
EPSS
1.1%
CVE-2024-39651 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPWeb WooCommerce PDF Vouchers allows File Manipulation.9.5. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Woocommerce Pdf Vouchers
NVD
CVSS 3.1
9.3
EPSS
0.5%
CVE-2024-38160 CRITICAL PATCH Act Now

Windows Network Virtualization Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1607 +1
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2024-38159 CRITICAL PATCH Act Now

Windows Network Virtualization Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 1607 +1
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2024-33003 CRITICAL Act Now

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Commerce Cloud
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy