Vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2024-02-08 | CVE-2024-22394 | Improper Authentication vulnerability in Sonicwall Sonicos 7.1.17040 | An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. | network | low complexity | sonicwall | CWE-287 | critical | 9.8 |
| 2024-02-08 | CVE-2024-24003 | SQL Injection vulnerability in Jishenghua Jsherp 3.3 | jshERP v3.3 is vulnerable to SQL Injection. | network | low complexity | jishenghua | CWE-89 | critical | 9.8 |
| 2024-02-08 | CVE-2024-24014 | SQL Injection vulnerability in Xxyopen Novel-Plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. | network | low complexity | xxyopen | CWE-89 | critical | 9.8 |
| 2024-02-08 | CVE-2024-24017 | SQL Injection vulnerability in Xxyopen Novel-Plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. | network | low complexity | xxyopen | CWE-89 | critical | 9.8 |
| 2024-02-08 | CVE-2024-24021 | SQL Injection vulnerability in Xxyopen Novel-Plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. | network | low complexity | xxyopen | CWE-89 | critical | 9.8 |
| 2024-02-08 | CVE-2023-48974 | Cross-site Scripting vulnerability in Axigen Mail Server | Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | network | low complexity | axigen | CWE-79 | critical | 9.6 |
| 2024-02-08 | CVE-2024-24018 | SQL Injection vulnerability in Xxyopen Novel-Plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. | network | low complexity | xxyopen | CWE-89 | critical | 9.8 |
| 2024-02-08 | CVE-2024-24023 | SQL Injection vulnerability in Xxyopen Novel-Plus | A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. | network | low complexity | xxyopen | CWE-89 | critical | 9.8 |
| 2024-02-08 | CVE-2024-24024 | Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus | An arbitrary file download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). | network | low complexity | xxyopen | CWE-434 | critical | 9.8 |
| 2024-02-08 | CVE-2024-24025 | Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus | An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). | network | low complexity | xxyopen | CWE-434 | critical | 9.8 |