Skip to main content
CVE-2024-55509 CRITICAL POC Act Now

SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Complaint Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-56337 CRITICAL PATCH Act Now

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Java Information Disclosure Bootstrap Os
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2024-12571 CRITICAL Act Now

The Store Locator for WordPress with Google Maps - LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google PHP WordPress RCE LFI +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-56333 CRITICAL Act Now

Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Code Injection RCE Denial Of Service
NVD GitHub
CVSS 4.0
9.4
EPSS
0.6%
CVE-2024-56330 CRITICAL Act Now

Stardust is a platform for streaming isolated desktop containers. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-51466 CRITICAL PATCH Act Now

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

IBM Denial Of Service Cognos Analytics
NVD
CVSS 3.1
9.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy