Skip to main content
CVE-2024-51366 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-51367 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection File Upload RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-52803 CRITICAL POC PATCH Act Now

LLama Factory enables fine-tuning of large language models. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Command Injection Llama Factory
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-51151 CRITICAL POC THREAT Act Now

D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
29.7%
CVE-2024-8525 CRITICAL Act Now

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
10.0
EPSS
1.4%
CVE-2024-29224 CRITICAL Act Now

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gocast
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2024-28892 CRITICAL Act Now

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gocast
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2024-21855 CRITICAL Act Now

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gocast
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-52052 CRITICAL Act Now

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Streaming Engine
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-30896 CRITICAL POC Act Now

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
5.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy