Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-24 CVE-2024-40422 Path Traversal vulnerability in Stitionai Devika 1.0
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack.
network
low complexity
stitionai CWE-22
critical
9.1
2024-07-24 CVE-2024-41914 A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface.
network
low complexity
CWE-79
critical
9.0
2024-07-23 CVE-2024-38164 An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
network
low complexity
CWE-284
critical
9.6
2024-07-23 CVE-2024-41319 Command Injection vulnerability in Totolink A6000R Firmware 1.0.1B20201211.2000
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
network
low complexity
totolink CWE-77
critical
9.8
2024-07-22 CVE-2024-26020 An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04.
network
low complexity
CWE-74
critical
9.6
2024-07-22 CVE-2024-37391 Unspecified vulnerability in Proton Protonvpn
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
network
low complexity
proton
critical
9.8
2024-07-22 CVE-2024-41703 Unspecified vulnerability in Librechat 0.7.4
LibreChat through 0.7.4-rc1 has incorrect access control for message updates.
network
low complexity
librechat
critical
9.8
2024-07-22 CVE-2024-41704 Path Traversal vulnerability in Librechat 0.7.4
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images.
network
low complexity
librechat CWE-22
critical
9.8
2024-07-22 CVE-2024-6970 SQL Injection vulnerability in Tailoring Management System Project Tailoring Management System 1.0
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0.
network
low complexity
tailoring-management-system-project CWE-89
critical
9.8
2024-07-22 CVE-2024-6966 SQL Injection vulnerability in Online Blood Bank Management System Project Online Blood Bank Management System 1.0
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical.
network
low complexity
online-blood-bank-management-system-project CWE-89
critical
9.8