Skip to main content
CVE-2024-49681 CRITICAL Emergency

SQL injection in the WP Sessions Time Monitoring Full Automatic WordPress plugin (versions up to and including 1.0.9) allows remote unauthenticated attackers to inject crafted SQL into backend queries, exposing sensitive WordPress database contents and degrading availability. No public exploit identified at time of analysis, but the EPSS percentile of 98% (51.33% probability) places this in the top tier of vulnerabilities likely to be exploited in the next 30 days.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
51.3%
CVE-2024-46478 CRITICAL POC PATCH Act Now

HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Htmldoc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-47883 CRITICAL POC PATCH Act Now

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF RCE Path Traversal XSS Butterfly
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-48538 CRITICAL Act Now

Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48539 CRITICAL Act Now

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-41618 CRITICAL Act Now

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41617 CRITICAL Act Now

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-48514 CRITICAL PATCH Act Now

php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-44206 CRITICAL Act Now

An issue in the handling of URL protocols was addressed with improved logic. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
9.3
EPSS
0.5%
CVE-2024-48548 CRITICAL Act Now

The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.3
EPSS
0.2%
CVE-2024-48145 CRITICAL Act Now

A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-48144 CRITICAL Act Now

A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-48143 CRITICAL Act Now

A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy