Skip to main content
CVE-2024-45519 CRITICAL POC KEV THREAT Act Now

The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zimbra Collaboration Suite
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2024-24117 CRITICAL POC Act Now

Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rg Nbs2009G P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24116 CRITICAL POC THREAT Act Now

An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rg Nbs2009G P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
28.2%
CVE-2024-9441 CRITICAL Act Now

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
53.5%
CVE-2024-44097 CRITICAL Act Now

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nest Doorbell Battery Firmware Nest Cam Outdoor Or Indoor Battery Firmware Nest Cam With Floodlight Firmware Nest Cam Indoor Wired Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-45186 CRITICAL Act Now

FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-20521 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-20520 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-20519 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-20518 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow RCE Rv042 Firmware +3
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-35293 CRITICAL Act Now

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy