Skip to main content
CVE-2024-46256 CRITICAL POC PATCH Act Now

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Nginx Proxy Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-8310 CRITICAL Act Now

OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-46367 CRITICAL Act Now

A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation XSS Krayin Crm
NVD GitHub
CVSS 3.1
9.6
EPSS
0.5%
CVE-2024-8643 CRITICAL Act Now

Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.0.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Valeapp
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-8644 CRITICAL Act Now

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).0.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Valeapp
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-8630 CRITICAL Act Now

Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sibylla Firmware
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-6981 CRITICAL Act Now

OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-3373 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.2. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2024-22170 CRITICAL Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.29.102. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-47070 CRITICAL PATCH Act Now

authentik is an open-source identity provider. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy