Skip to main content
CVE-2024-48411 CRITICAL POC Act Now

itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Tours Travels Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48283 CRITICAL POC Act Now

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-47945 CRITICAL POC Act Now

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iot Interface Firmware Cmc Iii Processing Units Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-48914 CRITICAL POC PATCH THREAT Act Now

Vendure is an open-source headless commerce platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
59.8%
CVE-2024-9486 CRITICAL PATCH Act Now

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Kubernetes Image Builder
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-48782 CRITICAL Act Now

File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-48781 CRITICAL Act Now

An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48779 CRITICAL Act Now

An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-21216 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-45275 CRITICAL Act Now

The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mbnet Mini Firmware Rex 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-45274 CRITICAL Act Now

An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mbnet Mini Firmware Rex 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-9985 CRITICAL Act Now

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Enterprise Cloud Database
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9984 CRITICAL Act Now

Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Cloud Database
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-9925 CRITICAL Act Now

SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Qplant Sf
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-47943 CRITICAL Act Now

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9982 CRITICAL Act Now

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-9972 CRITICAL Act Now

Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-10004 CRITICAL Act Now

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-49388 CRITICAL Act Now

Sensitive information manipulation due to improper authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Cyber Protect
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-21172 CRITICAL Act Now

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oracle Hospitality Opera 5
NVD
CVSS 3.1
9.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy