Skip to main content
CVE-2024-8517 CRITICAL POC THREAT Emergency

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection File Upload Spip
NVD
CVSS 3.1
9.8
EPSS
94.6%
CVE-2024-45771 CRITICAL POC Act Now

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rapidcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44839 CRITICAL POC Act Now

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rapidcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44838 CRITICAL POC Act Now

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rapidcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44402 CRITICAL POC Act Now

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-44401 CRITICAL POC Act Now

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-45758 CRITICAL POC Act Now

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization H2O
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-6445 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.0.0 before v3.1.7. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Datadiodex
NVD VulDB
CVSS 4.0
10.0
EPSS
0.2%
CVE-2024-7493 CRITICAL Act Now

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Wpcom Member
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-8292 CRITICAL PATCH Act Now

The WP-Recall - Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Wp Recall
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1744 CRITICAL Act Now

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.3.2.1. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Accord Ors
NVD VulDB
CVSS 4.0
9.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy