Skip to main content
CVE-2024-46640 CRITICAL POC Act Now

SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Seacms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-46103 CRITICAL POC Act Now

SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE SQLi Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-46652 CRITICAL POC Act Now

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-47062 CRITICAL POC PATCH Act Now

Navidrome is an open source web-based music collection server and streamer. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Navidrome
NVD GitHub
CVSS 4.0
9.4
EPSS
4.5%
CVE-2024-46101 CRITICAL Act Now

GDidees CMS <= v3.9.1 has a file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Gdidees Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45489 CRITICAL Act Now

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-9043 CRITICAL Act Now

Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Secure Email Gateway
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-8853 CRITICAL PATCH Act Now

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress Webo Facto
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42351 CRITICAL PATCH Act Now

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Galaxy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy