Skip to main content
CVE-2023-46401 CRITICAL POC Act Now

KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Kwhotel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-46400 CRITICAL Act Now

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Kwhotel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-55573 CRITICAL This Week

An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-57328 CRITICAL POC Act Now

A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Online Food Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-55194 CRITICAL POC Act Now

OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Openimageio Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-55193 CRITICAL POC Act Now

OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-55192 CRITICAL POC Act Now

OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Openimageio Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-53923 CRITICAL This Week

An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-52330 CRITICAL POC Act Now

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deebot X2 Omni Firmware Deebot X2 Combo Firmware Deebot X2S Firmware Deebot X5 Pro Firmware +16
NVD
CVSS 4.0
9.5
EPSS
0.7%
CVE-2024-52329 CRITICAL POC Act Now

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Home
NVD
CVSS 4.0
9.5
EPSS
0.7%
CVE-2025-0637 CRITICAL This Week

It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-55971 CRITICAL This Week

SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2025-23006 CRITICAL KEV THREAT CERT-EU Act Now

SonicWall SMA1000 AMC and CMC contain a pre-authentication deserialization vulnerability allowing unauthenticated remote attackers to execute arbitrary OS commands on the management appliance.

Deserialization Sma8200V Sma6200 Firmware Sma6210 Firmware Sma7200 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
61.3%
CVE-2024-52975 CRITICAL This Week

An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy