Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-30 CVE-2024-38983 Unspecified vulnerability in Alykoshin Mini-Deep-Assign 0.0.8
Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91)
network
low complexity
alykoshin
critical
 9.8
9.8
2024-07-30 CVE-2024-7273 Unspecified vulnerability in Adonesevangelista Restaurant Management System 1.0
A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0.
network
low complexity
adonesevangelista
critical
 9.8
9.8
2024-07-30 CVE-2024-36572 Unspecified vulnerability in Allpro Formmanager Data Handler 0.7.4
Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue.
network
low complexity
allpro
critical
 9.8
9.8
2024-07-30 CVE-2024-38984 Unspecified vulnerability in Lukebond Json-Override 0.2.0
Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property.
network
low complexity
lukebond
critical
 9.8
9.8
2024-07-30 CVE-2024-38986 Unspecified vulnerability in 75Lb Deep-Merge 1.1.1
Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects.
network
low complexity
75lb
critical
 9.8
9.8
2024-07-30 CVE-2024-39010 Unspecified vulnerability in Chasemoskal Snapstate 0.0.9
chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty.
network
low complexity
chasemoskal
critical
 9.8
9.8
2024-07-30 CVE-2024-39011 Unspecified vulnerability in Chargeover Redoc 2.0.9
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects.
network
low complexity
chargeover
critical
 9.8
9.8
2024-07-30 CVE-2024-39012 Unspecified vulnerability in AIS Strategyen 0.4.0
ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects.
network
low complexity
ais
critical
 9.8
9.8
2024-07-30 CVE-2024-3930 XXE vulnerability in Perforce Akana API
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
network
low complexity
perforce CWE-611
critical
 9.8
9.8
2024-07-30 CVE-2024-6699 Unspecified vulnerability in Mikafon MA7 Firmware
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc.
network
low complexity
mikafon
critical
 9.8
9.8