Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-6805 Missing Authorization vulnerability in NI Veristand
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources.
network
low complexity
ni CWE-862
critical
 9.8
9.8
2024-07-22 CVE-2024-6806 Missing Authorization vulnerability in NI Veristand
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources.
network
low complexity
ni CWE-862
critical
 9.8
9.8
2024-07-22 CVE-2024-6912 Use of Hard-coded Credentials vulnerability in Perkinelmer Processplus
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.This issue affects ProcessPlus: through 1.11.6507.0.
network
low complexity
perkinelmer CWE-798
critical
 9.8
9.8
2024-07-22 CVE-2024-39685 OS Command Injection vulnerability in Fish.Audio Bert-Vits2
Bert-VITS2 is the VITS2 Backbone with multilingual bert.
network
low complexity
fish-audio CWE-78
critical
 9.8
9.8
2024-07-22 CVE-2024-39686 OS Command Injection vulnerability in Fishaudio Bert-Vits2
Bert-VITS2 is the VITS2 Backbone with multilingual bert.
network
low complexity
fishaudio CWE-78
critical
 9.8
9.8
2024-07-22 CVE-2024-41827 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
network
low complexity
jetbrains CWE-613
critical
 9.8
9.8
2024-07-22 CVE-2024-38759 Unspecified vulnerability in Wp-Media Search & Replace
Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2.
network
low complexity
wp-media
critical
 9.8
9.8
2024-07-22 CVE-2024-38773 SQL Injection vulnerability in Formlift for Infusionsoft web Forms
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17.
network
low complexity
formlift CWE-89
critical
 9.8
9.8
2024-07-22 CVE-2024-41703 Unspecified vulnerability in Librechat
LibreChat through 0.7.4-rc1 has incorrect access control for message updates.
network
low complexity
librechat
critical
 9.8
9.8
2024-07-22 CVE-2024-41704 Path Traversal vulnerability in Librechat
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images.
network
low complexity
librechat CWE-22
critical
 9.8
9.8