Skip to main content
CVE-2024-54879 CRITICAL POC Act Now

SeaCMS V13.1 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seacms
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2024-53932 CRITICAL This Week

The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-53931 CRITICAL This Week

The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-56828 CRITICAL POC Act Now

File Upload vulnerability in ChestnutCMS through 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chestnutcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-55529 CRITICAL This Week

Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Z Blogphp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-54880 CRITICAL POC Act Now

SeaCMS V13.1 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seacms
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2024-46622 CRITICAL This Week

An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-21613 CRITICAL PATCH This Week

go-git is a highly extensible git implementation library written in pure Go. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Go Git Red Hat Suse
NVD GitHub
CVSS 4.0
9.2
EPSS
2.9%
CVE-2024-5594 CRITICAL PATCH This Week

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Openvpn Suse
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-20148 CRITICAL This Week

In wlan STA FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Yocto Software Development Kit +2
NVD
CVSS 3.1
9.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy