Skip to main content
CVE-2024-46535 CRITICAL POC Act Now

Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jepaas
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-48257 CRITICAL POC PATCH Act Now

Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Wavelog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-48251 CRITICAL POC PATCH Act Now

Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Wavelog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48823 CRITICAL Act Now

Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48168 CRITICAL Act Now

A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE D-Link Dcs 960L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-48153 CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48150 CRITICAL Act Now

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48255 CRITICAL Act Now

Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Cloudlog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-48253 CRITICAL Act Now

Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Cloudlog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-9924 CRITICAL Act Now

The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-9921 CRITICAL Act Now

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Team Pro
NVD
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy