Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-10 CVE-2024-21524 Out-of-bounds Read vulnerability in Magiclen Stringbuilder
All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input.
network
low complexity
magiclen CWE-125
critical
9.1
2024-07-09 CVE-2024-37873 SQL Injection vulnerability in Itsourcecode Payroll Management System Project in PHP With Source Code 1.0
SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
itsourcecode CWE-89
critical
9.8
2024-07-09 CVE-2023-48194 Unspecified vulnerability in Tenda Ac8V4 Firmware 16.03.34.09
Vulnerability in Tenda AC8v4 V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0.
network
low complexity
tenda
critical
9.8
2024-07-09 CVE-2024-38089 Unspecified vulnerability in Microsoft Defender for IOT
Microsoft Defender for IoT Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
9.9
2024-07-09 CVE-2024-39171 Path Traversal vulnerability in PHPvibe
Directory traversal in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.
network
low complexity
phpvibe CWE-22
critical
9.8
2024-07-09 CVE-2024-27782 Unspecified vulnerability in Fortinet Fortiaiops 2.0.0
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.
network
low complexity
fortinet
critical
9.8
2024-07-09 CVE-2024-37934 Unspecified vulnerability in Ninjaforms Ninja Forms
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4.
network
low complexity
ninjaforms
critical
9.8
2024-07-09 CVE-2024-39872 Unspecified vulnerability in Siemens Sinema Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).
network
low complexity
siemens
critical
9.9
2024-07-09 CVE-2024-37112 Unspecified vulnerability in Wishlist Member Wishlist Member
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7.
network
low complexity
wishlist-member
critical
9.8
2024-07-09 CVE-2024-37555 Unspecified vulnerability in Zealousweb Generate PDF Using Contact Form 7
Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7. This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6.
network
low complexity
zealousweb
critical
9.8