Skip to main content
CVE-2024-52295 CRITICAL POC PATCH Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Dataease
NVD GitHub
CVSS 4.0
9.3
EPSS
0.8%
CVE-2024-10575 CRITICAL PATCH Act Now

the network and potentially impacting connected devices. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Ecostruxure It Gateway
NVD
CVSS 4.0
10.0
EPSS
0.6%
CVE-2024-40404 CRITICAL Act Now

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-43091 CRITICAL PATCH Act Now

In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-52306 CRITICAL PATCH Act Now

FileManager provides a Backpack admin interface for files and folder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Filemanager
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-48510 CRITICAL PATCH Act Now

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Prodotnetzip Dotnetzip Semverd
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-11028 CRITICAL Act Now

The MultiManager WP - Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Multimanager Wp
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-11150 CRITICAL Act Now

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal PHP WordPress User Extra Fields
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-10828 CRITICAL Act Now

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE WordPress PHP Advanced Order Export For Woocommerce
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-10820 CRITICAL Act Now

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload Woocommerce Upload Files
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-8938 CRITICAL Act Now

cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory size. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-39712 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2024-39711 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2024-39710 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.0
9.1
EPSS
1.9%
CVE-2024-38656 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2024-52300 CRITICAL Act Now

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mozilla Pdf Viewer Macro
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy