Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-7495 Unrestricted Upload of File with Dangerous Type vulnerability in Itsourcecode Laravel Accounting System 1.0
A vulnerability, which was classified as critical, was found in itsourcecode Laravel Accounting System 1.0.
network
low complexity
itsourcecode CWE-434
critical
9.8
2024-08-05 CVE-2024-7494 SQL Injection vulnerability in Oretnom23 Clinic's Patient Management System 1.0
A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0.
network
low complexity
oretnom23 CWE-89
critical
9.8
2024-08-05 CVE-2024-42008 Cross-site Scripting vulnerability in Roundcube Webmail
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.
network
low complexity
roundcube CWE-79
critical
9.3
2024-08-05 CVE-2024-42009 Cross-site Scripting vulnerability in Roundcube Webmail
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
network
low complexity
roundcube CWE-79
critical
9.3
2024-08-05 CVE-2024-38856 Unspecified vulnerability in Apache Ofbiz
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
network
low complexity
apache
critical
9.8
2024-08-05 CVE-2024-42447 Unspecified vulnerability in Apache Apache-Airflow-Providers-Fab 1.2.0/1.2.1
Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions.
network
low complexity
apache
critical
9.8
2024-08-05 CVE-2024-41889 Unspecified vulnerability in Pimax Pitool and Play
Multiple Pimax products accept WebSocket connections from unintended endpoints.
network
low complexity
pimax
critical
9.8
2024-08-05 CVE-2024-6118 Insufficiently Protected Credentials vulnerability in Hamastar Meetinghub Paperless Meetings 2021
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.
network
low complexity
hamastar CWE-522
critical
9.1
2024-08-05 CVE-2024-7469 OS Command Injection vulnerability in Raisecom products
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90.
network
low complexity
raisecom CWE-78
critical
9.8
2024-08-05 CVE-2024-7470 OS Command Injection vulnerability in Raisecom products
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90.
network
low complexity
raisecom CWE-78
critical
9.8