Skip to main content
CVE-2024-46419 CRITICAL POC Act Now

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-46451 CRITICAL POC Act Now

TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow T8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-8752 CRITICAL POC THREAT Act Now

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Webiq
NVD
CVSS 4.0
9.3
EPSS
11.8%
CVE-2024-45415 CRITICAL Act Now

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45414 CRITICAL Act Now

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Zte
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44623 CRITICAL Act Now

An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Spx Graphics Controller
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-22399 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Seata. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Seata
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-45698 CRITICAL Act Now

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir X4860 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-45697 CRITICAL Act Now

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir X4860 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-45695 CRITICAL Act Now

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow D-Link RCE Dir X4860 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-45694 CRITICAL Act Now

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow D-Link RCE Dir X5460 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-7104 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.Winsure: before 4.6.2. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Winsure
NVD VulDB
CVSS 4.0
9.2
EPSS
0.3%
CVE-2024-7098 CRITICAL Act Now

Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.Winsure: before 4.6.2. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Winsure
NVD VulDB
CVSS 4.0
9.2
EPSS
0.2%
CVE-2024-6401 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.6.2. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Insuree Gl
NVD VulDB
CVSS 4.0
9.2
EPSS
0.2%
CVE-2024-46958 CRITICAL PATCH Act Now

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Desktop
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy