Skip to main content
CVE-2024-40125 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Cless Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-46946 CRITICAL POC Act Now

langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Langchain Experimental
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-8963 CRITICAL POC KEV EUVD KEV THREAT Act Now

Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Endpoint Manager Cloud Services Appliance
NVD
CVSS 3.1
9.1
EPSS
98.6%
CVE-2024-33109 CRITICAL Act Now

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tiptel Ip 286 Firmware Sip T28P Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-46984 CRITICAL PATCH Act Now

The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XXE Reference Validator
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-46983 CRITICAL PATCH Act Now

sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Sofa Hessian
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-31570 CRITICAL Act Now

libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Freeimage
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-7785 CRITICAL Act Now

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS).08. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-47088 CRITICAL Act Now

This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ld Geo Ld Dp Back Office
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-45861 CRITICAL Act Now

Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Control System Firmware
NVD
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-8986 CRITICAL PATCH Act Now

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Grafana
NVD
CVSS 4.0
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy