Skip to main content
CVE-2024-27115 CRITICAL POC Act Now

A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Soplanning
NVD
CVSS 4.0
10.0
EPSS
4.6%
CVE-2024-44541 CRITICAL POC Act Now

evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-44466 CRITICAL POC THREAT Act Now

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.7%
CVE-2024-6091 CRITICAL POC PATCH Act Now

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Autogpt Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-8277 CRITICAL Act Now

The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Photo Reviews
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-27113 CRITICAL Act Now

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Soplanning
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-27112 CRITICAL Act Now

A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Soplanning
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-45790 CRITICAL Act Now

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aim Star
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-7609 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal.34.8. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Voc Tester
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy