Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-8877 SQL Injection vulnerability in Riello-Ups Netman 204 Firmware 02.05
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204.
network
low complexity
riello-ups CWE-89
critical
9.8
2024-09-25 CVE-2024-8878 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Riello-Ups Netman 204 Firmware 02.05
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. This issue affects Netman 204: through 4.05.
network
low complexity
riello-ups CWE-640
critical
9.8
2024-09-25 CVE-2024-8940 Unrestricted Upload of File with Dangerous Type vulnerability in Scriptcase 9.4.019
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request.
network
low complexity
scriptcase CWE-434
critical
9.8
2024-09-24 CVE-2024-8624 SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
pluginus CWE-89
critical
9.9
2024-09-24 CVE-2024-8671 Path Traversal vulnerability in Exthemes Wooevents
The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2.
network
low complexity
exthemes CWE-22
critical
9.1
2024-09-24 CVE-2024-8791 Authorization Bypass Through User-Controlled Key vulnerability in Wpcharitable Charitable
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14.
network
low complexity
wpcharitable CWE-639
critical
9.8
2024-09-23 CVE-2024-7024 Out-of-bounds Write vulnerability in Google Chrome
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google CWE-787
critical
9.6
2024-09-23 CVE-2024-47222 Server-Side Request Forgery (SSRF) vulnerability in Myoffice MY Office SDK
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.
network
low complexity
myoffice CWE-918
critical
9.8
2024-09-23 CVE-2024-0001 Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
network
low complexity
purestorage CWE-1188
critical
9.8
2024-09-23 CVE-2024-0002 Unspecified vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
network
low complexity
purestorage
critical
9.8