Skip to main content
CVE-2024-53507 CRITICAL POC Act Now

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Siyuan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-53506 CRITICAL POC Act Now

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Siyuan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-53505 CRITICAL POC Act Now

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Siyuan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-53504 CRITICAL POC Act Now

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Siyuan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-11482 CRITICAL POC Act Now

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Enterprise Security Manager
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-36622 CRITICAL PATCH Act Now

In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection PHP Command Injection RCE Raspap Webgui
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-49806 CRITICAL Act Now

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Verify Access
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-49805 CRITICAL Act Now

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Verify Access
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-52782 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52781 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52780 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52779 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52778 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52777 CRITICAL Act Now

DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Dcme 720 Firmware Dcme 320 L Firmware Dcme 320 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48406 CRITICAL Act Now

Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-36671 CRITICAL Act Now

nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-50357 CRITICAL Act Now

FutureNet NXR series routers provided by Century Systems Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2024-11979 CRITICAL Act Now

DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-35366 CRITICAL PATCH Act Now

FFmpeg n6.1.1 is Integer Overflow. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Ffmpeg
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-11992 CRITICAL Act Now

Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
9.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy