Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-8877 | SQL Injection vulnerability in Riello-Ups Netman 204 Firmware 02.05 Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. | 9.8 |
| 2024-09-25 | CVE-2024-8878 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Riello-Ups Netman 204 Firmware 02.05 The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05. | 9.8 |
| 2024-09-25 | CVE-2024-8940 | Unrestricted Upload of File with Dangerous Type vulnerability in Scriptcase 9.4.019 Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. | 9.8 |
| 2024-09-24 | CVE-2024-8624 | SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.9 |
| 2024-09-24 | CVE-2024-8671 | Path Traversal vulnerability in Exthemes Wooevents The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. | 9.1 |
| 2024-09-24 | CVE-2024-8791 | Authorization Bypass Through User-Controlled Key vulnerability in Wpcharitable Charitable The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. | 9.8 |
| 2024-09-23 | CVE-2024-7024 | Out-of-bounds Write vulnerability in Google Chrome Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2024-09-23 | CVE-2024-47222 | Server-Side Request Forgery (SSRF) vulnerability in Myoffice MY Office SDK New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol. | 9.8 |
| 2024-09-23 | CVE-2024-0001 | Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | 9.8 |
| 2024-09-23 | CVE-2024-0002 | Unspecified vulnerability in Purestorage Purity//Fa A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | 9.8 |