Skip to main content
CVE-2024-51252 CRITICAL POC Act Now

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-51431 CRITICAL POC Act Now

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bl Wr1300H Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43919 CRITICAL POC THREAT Act Now

Access Control vulnerability in YARPP YARPP allows .30.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Yet Another Related Posts Plugin
NVD GitHub
CVSS 3.1
9.8
EPSS
43.6%
CVE-2024-7456 CRITICAL POC Act Now

A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lunary
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-28265 CRITICAL POC Act Now

IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ibos
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-43998 CRITICAL Act Now

Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Blogpoet
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-43980 CRITICAL Act Now

Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fotawp
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43979 CRITICAL Act Now

Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Blockbooster
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43974 CRITICAL Act Now

Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Revivenews
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43929 CRITICAL Act Now

Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jobsearch Wp Job Board
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-43923 CRITICAL Act Now

Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Timetics
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43341 CRITICAL Act Now

Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hello Agency
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43323 CRITICAL Act Now

Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.6.28. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Reviewx
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43274 CRITICAL Act Now

Missing Authorization vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs.8.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Js Help Desk
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-39650 CRITICAL Act Now

Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs.9.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Pdf Vouchers
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38748 CRITICAL Act Now

Access Control vulnerability in TheInnovs EleForms allows .9.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eleforms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37470 CRITICAL Act Now

Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Woffice
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37463 CRITICAL Act Now

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Crm Perks Forms
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-37277 CRITICAL Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paid Memberships Pro
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37119 CRITICAL Act Now

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.3.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Uncanny Automator
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37094 CRITICAL Act Now

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Masterstudy Lms
NVD
CVSS 3.1
9.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy