Skip to main content
CVE-2024-44349 CRITICAL POC Act Now

A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2024-8943 CRITICAL POC Act Now

The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Latepoint
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2024-8911 CRITICAL POC Act Now

The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Latepoint
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-43488 CRITICAL PATCH Act Now

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass RCE Visual Studio Code
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-43468 CRITICAL KEV THREAT Act Now

Microsoft Configuration Manager Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Microsoft Configuration Manager 2403 Configuration Manager 2409 +1
NVD
CVSS 3.1
9.8
EPSS
60.7%
CVE-2024-47010 CRITICAL Act Now

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
38.0%
CVE-2024-47009 CRITICAL Act Now

Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-45918 CRITICAL Act Now

Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-3057 CRITICAL Act Now

A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-8884 CRITICAL Act Now

could cause exposure of credentials when attacker has access to application on network over http. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-47553 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity.

RCE Sinec Security Monitor
NVD
CVSS 4.0
9.4
EPSS
0.8%
CVE-2024-47562 CRITICAL Act Now

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Sinec Security Monitor
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2024-41798 CRITICAL Act Now

A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-43591 CRITICAL PATCH Act Now

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Microsoft Azure Command Line Interface Azure Service Connector
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-38124 CRITICAL PATCH Act Now

Windows Netlogon Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
9.0
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy