Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-09-19 | CVE-2024-46983 | Unspecified vulnerability in Antfin Sofa-Hessian | sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. | 9.8 |
2024-09-19 | CVE-2024-46984 | XXE vulnerability in Gematik Reference Validator | The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. | 9.8 |
2024-09-19 | CVE-2024-9008 | SQL Injection vulnerability in Mayurik Best Online News Portal 1.0 | A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. | 9.8 |
2024-09-19 | CVE-2024-9004 | OS Command Injection vulnerability in Dlink Dar-7000 Firmware | A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. | 9.8 |
2024-09-19 | CVE-2024-33109 | Path Traversal vulnerability in multiple products | Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | 9.8 |
2024-09-19 | CVE-2024-40125 | Unrestricted Upload of File with Dangerous Type vulnerability in Closed-Loop Cless Server 4.5.2 | An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. | 9.8 |
2024-09-19 | CVE-2024-8963 | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6 | Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | 9.1 |
2024-09-19 | CVE-2024-31570 | Out-of-bounds Write vulnerability in Freeimage Project Freeimage | libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. | 9.8 |
2024-09-19 | CVE-2024-47088 | Improper Restriction of Excessive Authentication Attempts vulnerability in Apexsoftcell LD DP Back Office and LD GEO | This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. | 9.8 |
2024-09-18 | CVE-2024-46986 | Path Traversal vulnerability in Tuzitio Camaleon CMS | Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. | 9.9 |