Skip to main content
CVE-2024-53704 CRITICAL POC KEV THREAT Emergency

SonicWall SonicOS SSLVPN contains an authentication bypass vulnerability allowing remote attackers to bypass authentication mechanisms and gain unauthorized VPN access to protected networks.

Authentication Bypass Sonicos
NVD
CVSS 3.1
9.8
EPSS
93.9%
Threat
7.8
CVE-2023-28354 CRITICAL Act Now

An issue was discovered in Opsview Monitor Agent 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
15.1%
CVE-2025-22504 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server.2.18. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2024-54724 CRITICAL Act Now

PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-11642 CRITICAL Act Now

The Post Grid Master - Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Path Traversal RCE WordPress
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-22542 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot allows Blind SQL Injection.0.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-22540 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sebastian Orellana Emailing Subscription allows Blind SQL Injection.4.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2024-55225 CRITICAL PATCH This Week

An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vaultwarden
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-55224 CRITICAL POC PATCH Act Now

An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Vaultwarden
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-46505 CRITICAL This Week

Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-13285 CRITICAL This Week

Vulnerability in Drupal wkhtmltopdf.*. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wkhtmltopdf Drupal
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-13281 CRITICAL PATCH This Week

Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.0.0 before 9.3.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Monster Menus Drupal
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-13280 CRITICAL PATCH This Week

Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.0.0 before 1.8.0, from 2.0.* before 2.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Persistent Login Drupal
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-13279 CRITICAL PATCH This Week

Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.0.0 before 1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Two Factor Authentication Drupal
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-13278 CRITICAL PATCH This Week

Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.0.0 before 1.8.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Diff Drupal
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-13277 CRITICAL This Week

Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.X-1.0 before 7.X-1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Ip Ban Drupal
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-13264 CRITICAL PATCH This Week

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.0.0 before 3.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP Opigno Module Drupal
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-10215 CRITICAL This Week

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpbookit
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-13258 CRITICAL PATCH This Week

Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.0.0 before 2.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rest Json Api Authentication Drupal
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-13253 CRITICAL PATCH This Week

Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing.0.0 before 1.5.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Advanced Pwa Inc Push Notifications Drupal
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-13242 CRITICAL This Week

Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.*. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Swift Mailer Drupal
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-13241 CRITICAL This Week

Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.0.0 before 12.0.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Open Social Drupal
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-13239 CRITICAL PATCH This Week

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.0.0 before 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Two Factor Authentication Drupal
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-21628 CRITICAL PATCH This Week

Chatwoot is a customer engagement suite. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Chatwoot
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-12802 CRITICAL This Week

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sonicwall
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-43657 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root Likelihood: High. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-43656 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root Likelihood: Moderate - It might be difficult for an attacker to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-43655 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root Likelihood: Moderate - The attacker will first need to find the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.2%
CVE-2024-43654 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root Likelihood: Moderate - The. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.9%
CVE-2024-43653 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root Likelihood: Moderate - The <redacted> binary does not seem to be. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.9%
CVE-2024-43652 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root It seems to be largely the same binary as used by the Iocharger. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
2.5%
CVE-2024-43651 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root It seems to be largely the same binary as used by the Iocharger. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
2.5%
CVE-2024-43650 CRITICAL This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects firmware. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.3
EPSS
2.7%
CVE-2024-43649 CRITICAL This Week

Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 4.0
9.3
EPSS
1.7%
CVE-2024-43648 CRITICAL This Week

Command injection in the <redacted> parameter of a <redacted>.exe request leads to remote code execution as the root user. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 4.0
9.3
EPSS
2.0%
CVE-2024-40765 CRITICAL This Week

An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Integer Overflow Denial Of Service
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-40762 CRITICAL This Week

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy