Skip to main content
CVE-2024-48237 CRITICAL POC Act Now

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Wtcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-48581 CRITICAL POC Act Now

File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE File Upload Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-48580 CRITICAL POC Act Now

SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-48579 CRITICAL POC Act Now

SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE SQLi Best House Rental Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-48428 CRITICAL POC Act Now

An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Olivevle
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-49753 CRITICAL POC PATCH Act Now

Zitadel is open-source identity infrastructure software. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zitadel
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-48204 CRITICAL Act Now

SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-9302 CRITICAL PATCH Act Now

The App Builder - Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Apple WordPress Google App Builder
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-47406 CRITICAL Act Now

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass E Studio1058 Firmware E Studio1208 Firmware E Studio908 Firmware Bp 90C70 Firmware +316
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9488 CRITICAL PATCH Act Now

The Comments - wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Wpdiscuz
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-10386 CRITICAL Act Now

CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thinmanager
NVD
CVSS 4.0
9.3
EPSS
16.6%
CVE-2024-10381 CRITICAL Act Now

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cosec Vega Faxq Firmware
NVD
CVSS 4.0
9.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy