Skip to main content
CVE-2024-37863 CRITICAL Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37861 CRITICAL Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-53442 CRITICAL Act Now

whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-41579 CRITICAL Act Now

DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54221 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking fat-services-booking.6. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2024-6516 CRITICAL POC Act Now

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XSS Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-51555 CRITICAL Act Now

Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-51551 CRITICAL Act Now

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware Aspect Ent 96 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-51550 CRITICAL POC Act Now

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Code Injection Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.8%
CVE-2024-51549 CRITICAL Act Now

Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-51545 CRITICAL Act Now

Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-48845 CRITICAL POC Act Now

Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Abb Brute Force Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
1.8%
CVE-2024-48840 CRITICAL POC Act Now

Unauthorized Access vulnerabilities allow Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Code Injection Abb RCE Aspect Ent 2 Firmware +18
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
2.1%
CVE-2024-48839 CRITICAL POC Act Now

Improper Input Validation vulnerability allows Remote Code Execution. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Abb RCE Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
2.8%
CVE-2024-11317 CRITICAL Act Now

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Session Fixation Information Disclosure Aspect Ent 2 Firmware Aspect Ent 256 Firmware +17
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-54130 CRITICAL Act Now

The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-54129 CRITICAL Act Now

The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-38920 CRITICAL Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy