Skip to main content
CVE-2024-7954 CRITICAL POC THREAT Emergency

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE
NVD
CVSS 3.1
9.8
EPSS
89.9%
CVE-2024-44382 CRITICAL POC Act Now

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8004W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-44381 CRITICAL POC Act Now

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8004W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-42765 CRITICAL POC Act Now

A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bus Ticket Reservation System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-42764 CRITICAL POC Act Now

Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Bus Ticket Reservation System
NVD GitHub
CVSS 3.1
9.4
EPSS
0.3%
CVE-2024-42914 CRITICAL POC Act Now

A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arrowcms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-42531 CRITICAL Act Now

Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-32501 CRITICAL Act Now

A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD
CVSS 3.1
9.8
EPSS
19.2%
CVE-2024-43782 CRITICAL PATCH Act Now

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Openedx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-40766 CRITICAL KEV THREAT Act Now

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sonicwall Sonicos
NVD
CVSS 3.1
9.8
EPSS
15.6%
CVE-2024-33854 CRITICAL Act Now

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-33853 CRITICAL Act Now

A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-33852 CRITICAL Act Now

A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy