Skip to main content
CVE-2024-9463 CRITICAL POC KEV THREAT Act Now

An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Command Injection Expedition
NVD
CVSS 4.0
9.9
EPSS
98.4%
CVE-2024-9465 CRITICAL POC KEV THREAT Act Now

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations,. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Paloalto Expedition
NVD
CVSS 4.0
9.2
EPSS
99.6%
CVE-2024-45746 CRITICAL Act Now

An issue was discovered in Trusted Firmware-M through 2.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25825 CRITICAL Act Now

FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass VMware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32608 CRITICAL Act Now

HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Memory Corruption Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-47832 CRITICAL PATCH Act Now

ssoready is a single sign on provider implemented via docker. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Jwt Attack Docker Ssoready
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-9464 CRITICAL Act Now

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Command Injection Expedition
NVD
CVSS 4.0
9.3
EPSS
81.7%
CVE-2024-45160 CRITICAL Act Now

Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy