Skip to main content
CVE-2024-51115 CRITICAL POC Act Now

DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dcme 320 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-51132 CRITICAL POC PATCH Act Now

An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XXE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-51358 CRITICAL Act Now

An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-48746 CRITICAL Act Now

An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48176 CRITICAL Act Now

Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lylme Spage
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-42509 CRITICAL Act Now

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-10687 CRITICAL PATCH Act Now

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery - Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Contest Gallery
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-47460 CRITICAL Act Now

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.0
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy