2024-02-15 | CVE-2024-23479 | Path Traversal vulnerability in Solarwinds Access Rights Manager SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. | 9.6 |
2024-02-15 | CVE-2023-5155 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.This issue affects SoliPay Mobile App: before 5.0.8. network low complexity CWE-89 critical | 9.8 |
2024-02-15 | CVE-2023-7081 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSIL Online Payment System allows SQL Injection.This issue affects Online Payment System: before 14.02.2024. network low complexity CWE-89 critical | 9.8 |
2024-02-15 | CVE-2024-20719 | Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6 Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. | 9.1 |
2024-02-15 | CVE-2024-20720 | OS Command Injection vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6 Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. | 9.1 |
2024-02-15 | CVE-2024-23113 | Use of Externally-Controlled Format String vulnerability in Fortinet products A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets. | 9.8 |
2024-02-15 | CVE-2024-20738 | Improper Authentication vulnerability in Adobe Framemaker Publishing Server 2020/2022 Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. | 9.8 |
2024-02-15 | CVE-2024-26260 | The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. network low complexity CWE-78 critical | 9.8 |
2024-02-15 | CVE-2024-26261 | The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. network low complexity CWE-22 critical | 9.8 |
2024-02-15 | CVE-2024-26264 | EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. network low complexity CWE-89 critical | 9.8 |