Skip to main content
CVE-2024-42850 CRITICAL POC Act Now

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brute Force Silverpeas
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-43042 CRITICAL POC Act Now

Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pluck
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42639 CRITICAL POC Act Now

H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gr1100 P Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42638 CRITICAL POC Act Now

H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Magic B1St Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42637 CRITICAL POC Act Now

H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass R3010 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42634 CRITICAL POC Act Now

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection Tenda RCE Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-6460 CRITICAL POC Act Now

The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Grow
NVD WPScan
CVSS 3.1
9.8
EPSS
4.8%
CVE-2024-42462 CRITICAL Act Now

Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.1.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Upkeeper Manager
NVD
CVSS 4.0
10.0
EPSS
0.5%
CVE-2024-42466 CRITICAL Act Now

Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.1.9. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Upkeeper Manager
NVD
CVSS 4.0
9.5
EPSS
0.7%
CVE-2024-42465 CRITICAL Act Now

Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.1.9. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Upkeeper Manager
NVD
CVSS 4.0
9.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy