Skip to main content
CVE-2024-35286 CRITICAL POC THREAT Act Now

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Node.js Micollab
NVD
CVSS 3.1
9.8
EPSS
65.6%
CVE-2024-48659 CRITICAL POC Act Now

An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Dcme 320 L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-41713 CRITICAL POC KEV THREAT Act Now

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Node.js Path Traversal Micollab
NVD
CVSS 3.1
9.1
EPSS
98.1%
CVE-2024-35314 CRITICAL Act Now

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Micollab Mivoice Business Solution Virtual Instance
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-35285 CRITICAL Act Now

A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Command Injection Micollab
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-48509 CRITICAL Act Now

Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Learning With Texts
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43689 CRITICAL Act Now

Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Wab I1750 Ps Firmware Wab S1167 Ps Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-40086 CRITICAL Act Now

A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-40085 CRITICAL Act Now

A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-40084 CRITICAL Act Now

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Vilo 5 Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-40083 CRITICAL Act Now

A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.6
EPSS
0.5%
CVE-2024-40087 CRITICAL Act Now

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vilo 5 Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-47223 CRITICAL Act Now

A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Micollab
NVD
CVSS 3.1
9.4
EPSS
0.5%
CVE-2024-40089 CRITICAL Act Now

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Vilo 5 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2024-47685 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy