Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-7576 Deserialization of Untrusted Data vulnerability in Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
network
low complexity
telerik CWE-502
critical
9.8
2024-09-25 CVE-2024-6592 Incorrect Authorization vulnerability in Watchguard Authentication Gateway and Single Sign-On Client
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.
network
low complexity
watchguard CWE-863
critical
9.1
2024-09-25 CVE-2024-6593 Incorrect Authorization vulnerability in Watchguard Authentication Gateway
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2.
network
low complexity
watchguard CWE-863
critical
9.1
2024-09-25 CVE-2024-8275 SQL Injection vulnerability in Stellarwp the Events Calendar
The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
stellarwp CWE-89
critical
9.8
2024-09-25 CVE-2024-8485 Authorization Bypass Through User-Controlled Key vulnerability in Jianbo Rest API to Miniprogram
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated.
network
low complexity
jianbo CWE-639
critical
9.8
2024-09-25 CVE-2024-43423 Use of Hard-coded Credentials vulnerability in Doverfuelingsolutions products
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
network
low complexity
doverfuelingsolutions CWE-798
critical
9.8
2024-09-25 CVE-2024-43692 Unspecified vulnerability in Doverfuelingsolutions products
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
network
low complexity
doverfuelingsolutions
critical
9.8
2024-09-25 CVE-2024-43693 Command Injection vulnerability in Doverfuelingsolutions products
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
network
low complexity
doverfuelingsolutions CWE-77
critical
9.8
2024-09-25 CVE-2024-45066 Command Injection vulnerability in Doverfuelingsolutions products
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
network
low complexity
doverfuelingsolutions CWE-77
critical
9.8
2024-09-25 CVE-2024-8436 The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
critical
9.9