Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-07-08 | CVE-2024-39677 | SQL Injection vulnerability in Nhibernate Nhibernate-Core | NHibernate is an object-relational mapper for the .NET framework. | 9.8 |
2024-07-08 | CVE-2024-39742 | Incorrect Comparison vulnerability in IBM MQ Operator | IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. | 9.8 |
2024-07-08 | CVE-2024-27903 | Unrestricted Upload of File with Dangerous Type vulnerability in Openvpn | OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. | 9.8 |
2024-07-07 | CVE-2024-40614 | Unspecified vulnerability in Egroupware | EGroupware before 23.1.20240624 mishandles an ORDER BY clause. | 9.8 |
2024-07-06 | CVE-2024-37260 | Unspecified vulnerability in Themeruby Foxiz | Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz. This issue affects Foxiz: from n/a through 2.3.5. | 9.3 |
2024-07-05 | CVE-2024-27712 | Unspecified vulnerability in Eskooly | An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Management component in the authentication mechanism. | 9.8 |
2024-07-05 | CVE-2024-23997 | Cross-site Scripting vulnerability in Lukasbach Yana | Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. | 9.6 |
2024-07-05 | CVE-2024-23998 | Cross-site Scripting vulnerability in Goanother Another Redis Desktop Manager | goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue. | 9.6 |
2024-07-05 | CVE-2024-29319 | Server-Side Request Forgery (SSRF) vulnerability in Personal-Management-System Personal Management System 1.4.64 | Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. | 9.8 |
2024-07-05 | CVE-2024-37768 | Unspecified vulnerability in B1Ackc4T 14Finger 1.1 | 14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. | 9.1 |