Skip to main content
CVE-2024-41433 CRITICAL POC Act Now

PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tidb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44921 CRITICAL POC Act Now

SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44809 CRITICAL Act Now

A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-45390 CRITICAL PATCH Act Now

@blakeembrey/template is a string template library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Template
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-45307 CRITICAL PATCH Act Now

SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Sudobot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-8389 CRITICAL Act Now

Memory safety bugs present in Firefox 129. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-8387 CRITICAL Act Now

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-8385 CRITICAL Act Now

A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Memory Corruption Firefox Firefox Esr
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-8381 CRITICAL Act Now

A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Memory Corruption Firefox Firefox Esr
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2024-7261 CRITICAL Act Now

The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Command Injection Nwa110Ax Firmware Nwa1123 Ac Pro Firmware Nwa1123Acv3 Firmware +26
NVD
CVSS 3.1
9.8
EPSS
11.3%
CVE-2024-7345 CRITICAL Act Now

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Openedge
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2024-45586 CRITICAL Act Now

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Xts Mobile Trader Xts Web Trader
NVD
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-45588 CRITICAL Act Now

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Xts Mobile Trader Xts Web Trader
NVD
CVSS 4.0
9.1
EPSS
0.4%
CVE-2024-45587 CRITICAL Act Now

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Xts Mobile Trader Xts Web Trader
NVD
CVSS 4.0
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy