Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-7012 Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration.
network
low complexity
redhat CWE-287
critical
9.8
2024-09-04 CVE-2024-7923 Unspecified vulnerability in Redhat Satellite 6.13/6.14/6.15
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration.
network
low complexity
redhat
critical
9.8
2024-09-04 CVE-2024-8408 Out-of-bounds Write vulnerability in Linksys Wrt54G Firmware 4.21.5
A vulnerability was found in Linksys WRT54G 4.21.5.
network
low complexity
linksys CWE-787
critical
9.8
2024-09-04 CVE-2024-44400 Command Injection vulnerability in Dlink Di-8400 Firmware 16.07.26A1
A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical.
network
low complexity
dlink CWE-77
critical
9.8
2024-09-04 CVE-2024-45507 Unspecified vulnerability in Apache Ofbiz
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
network
low complexity
apache
critical
9.8
2024-09-04 CVE-2024-8289 Missing Authorization vulnerability in Multivendorx
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0.
network
low complexity
multivendorx CWE-862
critical
9.8
2024-09-04 CVE-2024-34657 Out-of-bounds Write vulnerability in Samsung Notes
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.
network
low complexity
samsung CWE-787
critical
9.8
2024-09-04 CVE-2024-6926 SQL Injection vulnerability in Wow-Company Viral Signup
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
network
low complexity
wow-company CWE-89
critical
9.8
2024-09-04 CVE-2024-45443 Path Traversal vulnerability in Huawei Emui and Harmonyos
Directory traversal vulnerability in the cust module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
network
low complexity
huawei CWE-22
critical
9.1
2024-09-04 CVE-2024-7950 Missing Authorization vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function.
network
low complexity
wpjobportal CWE-862
critical
9.8