Skip to main content
CVE-2024-44102 CRITICAL PATCH Act Now

A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Telecontrol Server Basic
NVD
CVSS 4.0
10.0
EPSS
1.0%
CVE-2024-43602 CRITICAL PATCH Act Now

Azure CycleCloud Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass RCE Microsoft Azure Cyclecloud
NVD
CVSS 3.1
9.9
EPSS
2.2%
CVE-2024-50386 CRITICAL Act Now

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Cloudstack
NVD
CVSS 3.1
9.9
EPSS
1.4%
CVE-2024-28729 CRITICAL Act Now

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE Dwr 2000M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-26011 CRITICAL Act Now

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortios Fortipam Fortiproxy +3
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43639 CRITICAL PATCH Act Now

Windows KDC Proxy Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2024-43498 CRITICAL PATCH Act Now

.NET and Visual Studio Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Memory Corruption Net Visual Studio 2022
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2024-49369 CRITICAL PATCH Act Now

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Icinga Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-50330 CRITICAL Act Now

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
40.5%
CVE-2024-10245 CRITICAL Act Now

The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-46890 CRITICAL Act Now

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Sinec Ins
NVD
CVSS 4.0
9.4
EPSS
0.7%
CVE-2024-46888 CRITICAL Act Now

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Sinec Ins
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2024-8074 CRITICAL Act Now

Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.10.2024. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2024-10218 CRITICAL Act Now

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS XXE
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-10217 CRITICAL Act Now

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-10943 CRITICAL Act Now

An authentication bypass vulnerability exists in the affected product. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.1
EPSS
0.5%
CVE-2024-43415 CRITICAL PATCH Act Now

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy