Skip to main content
CVE-2024-46986 CRITICAL POC PATCH THREAT Act Now

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Camaleon Cms
NVD GitHub
CVSS 3.1
9.9
EPSS
35.5%
CVE-2024-34026 CRITICAL POC Act Now

A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Openplc V3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-5960 CRITICAL Act Now

Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.3.24. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Panel
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-46377 CRITICAL Act Now

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Best House Rental Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-46376 CRITICAL Act Now

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP File Upload Best House Rental Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-46375 CRITICAL Act Now

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP File Upload Best House Rental Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-46374 CRITICAL Act Now

Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-40568 CRITICAL Act Now

Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-34399 CRITICAL Act Now

**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Remedy Mid Tier
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44542 CRITICAL Act Now

SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Todesk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-35515 CRITICAL Act Now

Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-6877 CRITICAL Act Now

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS.3.24. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Panel
NVD VulDB
CVSS 4.0
9.4
EPSS
0.2%
CVE-2024-5958 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection.3.24. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Panel
NVD VulDB
CVSS 4.0
9.4
EPSS
0.2%
CVE-2024-5959 CRITICAL Act Now

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS.3.24. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Panel
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2024-6878 CRITICAL Act Now

Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.3.24. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD VulDB
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-45523 CRITICAL Act Now

An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-8892 CRITICAL Act Now

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tcp2Rs Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-8889 CRITICAL Act Now

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tcp2Rs Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy