Skip to main content
CVE-2024-47407 CRITICAL POC THREAT Emergency

A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
10.0
EPSS
64.2%
CVE-2024-5721 HIGH POC Act Now

Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass RCE Unified Secops Platform
NVD
CVSS 3.1
8.1
EPSS
5.8%
CVE-2024-52802 HIGH POC This Week

RIOT is an operating system for internet of things (IoT) devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-9422 MEDIUM POC This Month

The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Geo My Wordpress Geo My Wordpress Premium Settings
NVD WPScan
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-52723 CRITICAL Act Now

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-52034 CRITICAL Act Now

An OS Command Injection vulnerability exists within myPRO Manager. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
10.0
EPSS
1.7%
CVE-2024-8807 CRITICAL Act Now

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-8806 CRITICAL Act Now

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-5716 CRITICAL PATCH Act Now

Logsign Unified SecOps Platform Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Unified Secops Platform
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-37782 CRITICAL Act Now

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-53438 CRITICAL Act Now

EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48860 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several product versions. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
CVSS 4.0
9.5
EPSS
1.5%
CVE-2024-38645 CRITICAL Act Now

A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Notes Station 3
NVD
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-47138 CRITICAL Act Now

The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.8%
CVE-2024-38643 CRITICAL Act Now

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Notes Station 3
NVD
CVSS 4.0
9.3
EPSS
0.9%
CVE-2024-45369 CRITICAL Act Now

The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.6%
CVE-2024-9254 HIGH This Week

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-11394 HIGH PATCH This Week

Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Transformers
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-11393 HIGH PATCH This Week

Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Transformers
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2024-11392 HIGH POC PATCH This Week

Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Transformers
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
7.1%
CVE-2024-8809 HIGH This Week

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-8808 HIGH This Week

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-8805 HIGH This Week

BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Bluez
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-6249 HIGH This Week

Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Cam V3 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2024-6246 HIGH This Week

Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Cam V3 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-5722 HIGH This Week

Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Unified Secops Platform
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2024-5720 HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2024-5719 HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2024-5717 HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2024-50054 HIGH This Week

The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-48862 HIGH This Week

A link following vulnerability has been reported to affect QuLog Center. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qulog Center
NVD
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-38644 HIGH This Week

An OS command injection vulnerability has been reported to affect Notes Station 3. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Notes Station 3
NVD
CVSS 4.0
8.7
EPSS
1.6%
CVE-2024-38646 HIGH This Week

An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. Rated high severity (CVSS 8.4). No vendor patch available.

Information Disclosure Notes Station 3
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2024-9710 HIGH PATCH This Week

PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Posthog
NVD GitHub
CVSS 3.1
8.3
EPSS
0.7%
CVE-2024-7837 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection.11.2024. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-5718 HIGH This Week

Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass RCE Unified Secops Platform
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2024-10220 HIGH PATCH This Week

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Kubernetes
NVD GitHub
CVSS 3.1
8.1
EPSS
3.0%
CVE-2024-41779 HIGH This Week

IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Engineering Systems Design Rhapsody
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-11601 HIGH PATCH This Week

The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress CSRF Sky Addons For Elementor
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-11104 HIGH PATCH This Week

The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Denial Of Service Sky Addons For Elementor
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-31408 HIGH This Week

OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.0
8.0
EPSS
1.1%
CVE-2024-38647 HIGH This Week

An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnap Ai Core
NVD
CVSS 4.0
7.9
EPSS
0.6%
CVE-2024-9767 HIGH This Week

IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Irfanview
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-9261 HIGH This Week

IrfanView SID File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Irfanview
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-9260 HIGH This Week

IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-9259 HIGH This Week

IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Irfanview
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-9258 HIGH This Week

IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Irfanview
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-9255 HIGH This Week

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-9252 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Pdf Editor +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-9251 HIGH This Week

Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Pdf Editor +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy