Skip to main content
CVE-2024-27730 CRITICAL POC PATCH Act Now

Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass RCE Friendica
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-42978 CRITICAL POC Act Now

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1206 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-42967 CRITICAL POC Act Now

Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42966 CRITICAL POC Act Now

Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass N350Rt Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42947 CRITICAL POC Act Now

An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1201 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-42843 CRITICAL POC Act Now

Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Examination System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43366 CRITICAL POC Act Now

zkvyper is a Vyper compiler. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zkvyper
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-42757 CRITICAL Act Now

Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-23168 CRITICAL Act Now

Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-7263 CRITICAL Act Now

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Wps Office
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-7262 CRITICAL KEV THREAT Act Now

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Wps Office
NVD
CVSS 4.0
9.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy