Skip to main content
CVE-2024-46997 CRITICAL POC PATCH Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-7024 CRITICAL POC Act Now

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2024-47222 CRITICAL Act Now

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF My Office Sdk
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0002 CRITICAL Act Now

A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Purity Fa
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0001 CRITICAL POC Act Now

A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Purity Fa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-34331 CRITICAL Act Now

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-7735 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-8606 CRITICAL Act Now

Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Checkmk
NVD
CVSS 4.0
9.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy