Skip to main content
CVE-2024-44812 CRITICAL POC Act Now

SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Complaint Site
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-40494 CRITICAL POC Act Now

Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Freecoap
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-40493 CRITICAL POC Act Now

Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference RCE Denial Of Service Freecoap
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-46483 CRITICAL Act Now

Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-48904 CRITICAL Act Now

An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Trend Micro Cloud Edge
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-43177 CRITICAL Act Now

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-43698 CRITICAL Act Now

Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-41717 CRITICAL Act Now

Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-9129 CRITICAL Act Now

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-48919 CRITICAL Act Now

Cursor is a code editor built for programming with AI. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-46902 CRITICAL Act Now

A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Deep Discovery Inspector
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2024-26519 CRITICAL Act Now

An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 3.1
9.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy