Skip to main content
CVE-2024-41593 CRITICAL Act Now

DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Vigor3912 Firmware Vigor2962 Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-7826 CRITICAL Act Now

Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.1.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Secureanywhere Web Shield
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-7825 CRITICAL Act Now

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Memory Corruption Secureanywhere Web Shield
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-7824 CRITICAL Act Now

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Memory Corruption Secureanywhere Web Shield
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-45367 CRITICAL Act Now

The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-43699 CRITICAL Act Now

Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Diaenergie
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-41925 CRITICAL Act Now

The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-41988 CRITICAL Act Now

TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-47561 CRITICAL PATCH Act Now

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Apache Java Avro +2
NVD
CVSS 4.0
9.2
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy