Skip to main content
CVE-2024-42815 CRITICAL POC Act Now

In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Memory Corruption Re365 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-42813 CRITICAL POC Act Now

In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tew 752Dru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-42812 CRITICAL POC THREAT Act Now

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 860L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
15.5%
CVE-2024-43399 CRITICAL POC PATCH Act Now

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Mobile Security Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-6330 CRITICAL POC Act Now

The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Geo My Wordpress
NVD WPScan
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-43354 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43328 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.0.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Embedpress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43311 CRITICAL Act Now

Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43245 CRITICAL Act Now

Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-42658 CRITICAL Act Now

An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ntpl Xpon1Gfevn Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-37099 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.14.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Givewp
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44076 CRITICAL PATCH Act Now

In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microcks
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43261 CRITICAL Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.2.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2024-43240 CRITICAL Act Now

Improper Authentication vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.7. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.4
EPSS
0.2%
CVE-2024-43252 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Crew HRM Crew HRM hr-management.1.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
9.0
EPSS
0.7%
CVE-2024-43242 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.7. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-43248 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.6.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Bit Form
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy