Skip to main content
CVE-2024-52714 CRITICAL POC Act Now

Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-52759 CRITICAL POC Act Now

D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Di 8003 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2024-48694 CRITICAL POC Act Now

File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-52675 CRITICAL POC Act Now

SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sentiment Based Movie Rating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-52402 CRITICAL Act Now

Cross-Site Request Forgery in the gunghoinc Exclusive Content Password Protect WordPress plugin (versions up to and including 1.1.0) enables remote attackers to coerce an authenticated administrator into performing actions that result in uploading a web shell to the server. No public exploit identified at time of analysis, but the EPSS score of 14.17% (94th percentile) indicates elevated probability of exploitation relative to most CVEs. Successful exploitation yields full server compromise via attacker-controlled code execution.

CSRF
NVD
CVSS 3.1
9.6
EPSS
14.2%
CVE-2024-42450 CRITICAL Act Now

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-52360 CRITICAL Act Now

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Concert
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-48072 CRITICAL Act Now

Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi E Cology
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-48070 CRITICAL Act Now

An issue in Weaver E-cology v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE E Cology
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48069 CRITICAL Act Now

A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Race Condition E Cology
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-11036 CRITICAL Act Now

The The GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Gamipress
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52401 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog DownloadManager hacklog-downloadmanager allows Upload a Web Shell to a Web Server.1.4. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2024-11069 CRITICAL Act Now

The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wordpress Gdpr
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy