Skip to main content
CVE-2024-6671 CRITICAL POC THREAT Act Now

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Whatsup Gold
NVD
CVSS 3.1
9.8
EPSS
14.9%
CVE-2024-6670 CRITICAL POC KEV THREAT Act Now

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Whatsup Gold
NVD GitHub
CVSS 3.1
9.8
EPSS
94.7%
CVE-2024-41372 CRITICAL POC Act Now

Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Organizr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41370 CRITICAL POC Act Now

Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Organizr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41369 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41368 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41367 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41366 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41364 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41361 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-43965 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Sendgrid
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-43917 CRITICAL POC THREAT Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ti Woocommerce Wishlist
NVD GitHub
CVSS 3.1
9.8
EPSS
21.8%
CVE-2024-43144 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.2.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cost Calculator Builder
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-5057 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Easy Digital Downloads
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-45435 CRITICAL POC Act Now

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Chartist
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43955 CRITICAL Act Now

Unauthenticated path traversal in Themeum's Droip WordPress plugin (versions prior to 2.5.2) lets remote attackers read sensitive files outside the intended directory and trigger availability impact with scope change to the underlying WordPress host. CVSS rates this 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H), and while no public exploit is identified at time of analysis, the EPSS of 1.13% (78th percentile) signals meaningfully elevated exploitation interest relative to the broader CVE population.

Path Traversal
NVD
CVSS 3.1
10.0
EPSS
1.1%
CVE-2024-43941 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.7.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Propovoice
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43931 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jobsearch Wp Job Board
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43922 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Nitropack
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-43918 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.9.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Product Table
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-43132 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Docket
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-39653 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Vikrentcar
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29731 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-29730 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29729 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29728 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-29727 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-29726 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-29725 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29724 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-29723 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-45233 CRITICAL PATCH Act Now

An issue was discovered in powermail extension through 12.3.5 for TYPO3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powermail
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-44779 CRITICAL Act Now

A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Vtiger Crm
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-44778 CRITICAL Act Now

A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Vtiger Crm
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-44777 CRITICAL Act Now

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Vtiger Crm
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-38795 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.9.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.6%
CVE-2024-39622 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro allows SQL Injection.9.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy