Skip to main content
CVE-2024-44852 CRITICAL POC Act Now

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-41650 CRITICAL POC Act Now

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41649 CRITICAL POC Act Now

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-41648 CRITICAL POC Act Now

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41647 CRITICAL POC Act Now

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-41646 CRITICAL POC Act Now

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-41645 CRITICAL POC Act Now

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-41644 CRITICAL POC Act Now

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-38927 CRITICAL POC Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38926 CRITICAL POC Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38925 CRITICAL POC Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38924 CRITICAL POC Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-38923 CRITICAL POC Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-38922 CRITICAL POC Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38921 CRITICAL POC Act Now

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Robot Operating System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-54747 CRITICAL POC Act Now

WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Wn531P3 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54745 CRITICAL POC Act Now

WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Wn701Ae Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54136 CRITICAL POC PATCH Act Now

ClipBucket V5 provides open source video hosting with PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization PHP Clipbucket
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-54135 HIGH POC PATCH This Week

ClipBucket V5 provides open source video hosting with PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization PHP Clipbucket
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-10516 HIGH POC This Week

The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Path Traversal PHP WordPress RCE Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
6.5%
CVE-2024-44856 HIGH POC This Week

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Robot Operating System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-44855 HIGH POC This Week

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Robot Operating System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-44854 HIGH POC This Week

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Robot Operating System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-44853 HIGH POC This Week

Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Robot Operating System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-54141 HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PostgreSQL PHP Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-11738 HIGH POC PATCH This Week

A flaw was found in Rustls 0.23.13 and related APIs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Rustls
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-11728 HIGH POC PATCH THREAT This Week

The KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Kivicare
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
13.5%
CVE-2024-12155 CRITICAL Act Now

The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2024-54214 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server.18. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-55268 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Covid 19 Testing Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-50677 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oroplatform
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-50387 CRITICAL Act Now

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Qnap Smb Service
NVD
CVSS 4.0
10.0
EPSS
10.1%
CVE-2024-54750 CRITICAL Act Now

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ubiquiti
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-50389 CRITICAL Act Now

A SQL injection vulnerability has been reported to affect QuRouter. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Qurouter
NVD
CVSS 4.0
9.5
EPSS
0.8%
CVE-2024-50388 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Hybrid Backup Sync
NVD
CVSS 4.0
9.5
EPSS
2.3%
CVE-2024-51615 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Marka WordPress Auction Plugin wp-auctions allows SQL Injection.7. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-48874 CRITICAL Act Now

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Reyee Os
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-52320 CRITICAL Act Now

The affected product is vulnerable to a command injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 4.0
9.3
EPSS
2.3%
CVE-2024-48871 CRITICAL Act Now

The affected product is vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD
CVSS 4.0
9.3
EPSS
1.4%
CVE-2024-47547 CRITICAL Act Now

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Reyee Os
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-54143 CRITICAL Act Now

openwrt/asu is an image on demand server for OpenWrt based distributions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
1.9%
CVE-2024-52335 CRITICAL Act Now

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-52324 CRITICAL Act Now

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Reyee Os
NVD
CVSS 4.0
9.2
EPSS
0.7%
CVE-2024-46874 CRITICAL Act Now

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Reyee Os
NVD
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-53810 CRITICAL Act Now

Missing Authorization vulnerability in N-Media Simple User Registration wp-registration allows Accessing Functionality Not Properly Constrained by ACLs.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-51815 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member allows Code Injection. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-10773 CRITICAL Act Now

The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-0130 HIGH This Week

NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulnerability where an attacker can cause an improper authentication issue by sending a malformed request through the Ethernet. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Nvidia Denial Of Service
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-48703 MEDIUM POC This Month

PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Medical Card Generation System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-10772 HIGH This Week

Since the firmware update is not validated, an attacker can install modified firmware on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy