Skip to main content
CVE-2024-10924 CRITICAL POC PATCH THREAT Act Now

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Really Simple Security
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
81.7%
CVE-2024-50649 CRITICAL POC Act Now

The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Python Book
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-50648 CRITICAL POC Act Now

yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Yshopmall
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-10443 CRITICAL POC THREAT Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Synology Photos Beephotos
NVD
CVSS 3.1
9.8
EPSS
28.4%
CVE-2024-11120 CRITICAL POC KEV THREAT Act Now

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gv Vs12 Firmware Gv Vs11 Firmware Gv Dsp Lpr Firmware Gvlx 4 Firmware
NVD
CVSS 3.1
9.8
EPSS
28.6%
CVE-2024-51164 CRITICAL POC Act Now

Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jepaas
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-44758 CRITICAL Act Now

An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE File Upload Nus M9 Erp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-45971 CRITICAL PATCH Act Now

Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libiec61850
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-45970 CRITICAL PATCH Act Now

Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libiec61850
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-50724 CRITICAL Act Now

KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-52528 CRITICAL Act Now

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-10934 CRITICAL PATCH Act Now

In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openbsd
NVD
CVSS 4.0
9.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy