Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-25 | CVE-2024-4884 | Command Injection vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges. | 9.8 |
| 2024-06-25 | CVE-2024-4885 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. | 9.8 |
| 2024-06-25 | CVE-2024-6308 | SQL Injection vulnerability in Clivedelacruz Simple Online Hotel Reservation System 1.0 A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. | 9.8 |
| 2024-06-25 | CVE-2024-5988 | Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | 9.8 |
| 2024-06-25 | CVE-2024-5989 | Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | 9.8 |
| 2024-06-25 | CVE-2024-5805 | Improper Authentication vulnerability in Progress Moveit Gateway 2024.0 Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0. | 9.1 |
| 2024-06-25 | CVE-2024-4641 | Use of Externally-Controlled Format String vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. | 9.8 |
| 2024-06-24 | CVE-2024-33879 | Path Traversal vulnerability in Virtosoftware Sharepoint Bulk File Download 5.5.44 An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. | 9.8 |
| 2024-06-24 | CVE-2024-37089 | Unspecified vulnerability in Stylemixthemes Consulting Elementor Widgets Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. | 9.8 |
| 2024-06-24 | CVE-2024-6280 | Unspecified vulnerability in Oretnom23 Simple Online Bidding System 1.0 A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. | 9.8 |