Skip to main content
CVE-2024-44342 CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-44341 CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-41622 CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-7720 CRITICAL Act Now

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection HP RCE Security Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-36068 CRITICAL Act Now

An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Cloud Data Management
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-6633 CRITICAL Act Now

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecatalyst Workflow
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-7940 CRITICAL Act Now

The product exposes a service that is intended for local only to all network interfaces without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microscada X Sys600
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-7071 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Brain Low Code
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy