Skip to main content
CVE-2024-20439 CRITICAL POC KEV THREAT Act Now

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Smart License Utility
NVD
CVSS 3.1
9.8
EPSS
91.9%
CVE-2024-44400 CRITICAL POC THREAT Act Now

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical.asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Di 8400 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
14.1%
CVE-2024-45507 CRITICAL POC PATCH THREAT Act Now

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.12.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Code Injection Apache RCE Ofbiz
NVD
CVSS 3.1
9.8
EPSS
93.2%
CVE-2024-6926 CRITICAL POC Act Now

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Viral Signup
NVD WPScan
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-45076 CRITICAL Act Now

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM File Upload Webmethods Integration
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-44808 CRITICAL Act Now

An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-7923 CRITICAL Act Now

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Satellite
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-7012 CRITICAL Act Now

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Satellite
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-8289 CRITICAL Act Now

The MultiVendorX - The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Multivendorx
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-34657 CRITICAL Act Now

Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Samsung Memory Corruption Notes
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-7950 CRITICAL PATCH Act Now

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-7076 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Semtek Sempos
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-7078 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Semtek Sempos
NVD VulDB
CVSS 4.0
9.2
EPSS
0.2%
CVE-2024-45443 CRITICAL Act Now

Directory traversal vulnerability in the cust module Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy