Skip to main content
CVE-2024-45944 CRITICAL POC Act Now

In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-9264 CRITICAL POC PATCH THREAT Act Now

The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Grafana
NVD
CVSS 4.0
9.4
EPSS
97.8%
CVE-2024-10119 CRITICAL Act Now

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wrtm326 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-10118 CRITICAL Act Now

SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-9537 CRITICAL KEV THREAT Act Now

ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sl1
NVD
CVSS 4.0
9.3
EPSS
3.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy