Skip to main content
CVE-2024-47407 CRITICAL POC THREAT Emergency

A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
10.0
EPSS
64.2%
CVE-2024-52723 CRITICAL Act Now

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-52034 CRITICAL Act Now

An OS Command Injection vulnerability exists within myPRO Manager. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
10.0
EPSS
1.7%
CVE-2024-8807 CRITICAL Act Now

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-8806 CRITICAL Act Now

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-5716 CRITICAL PATCH Act Now

Logsign Unified SecOps Platform Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Unified Secops Platform
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-37782 CRITICAL Act Now

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-53438 CRITICAL Act Now

EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48860 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several product versions. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
CVSS 4.0
9.5
EPSS
1.5%
CVE-2024-38645 CRITICAL Act Now

A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Notes Station 3
NVD
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-47138 CRITICAL Act Now

The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.8%
CVE-2024-38643 CRITICAL Act Now

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Notes Station 3
NVD
CVSS 4.0
9.3
EPSS
0.9%
CVE-2024-45369 CRITICAL Act Now

The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy