Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-15 CVE-2024-39736 Improper Encoding or Escaping of Output vulnerability in IBM Datacap and Datacap Navigator
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
critical
9.8
2024-07-14 CVE-2024-6728 Unspecified vulnerability in Angeljudesuarez Tailoring Management System 1.0
A vulnerability was found in itsourcecode Tailoring Management System 1.0.
network
low complexity
angeljudesuarez
critical
9.8
2024-07-12 CVE-2024-39917 Improper Restriction of Excessive Authentication Attempts vulnerability in Neutrinolabs Xrdp
xrdp is an open source RDP server.
network
low complexity
neutrinolabs CWE-307
critical
9.8
2024-07-12 CVE-2024-40539 SQL Injection vulnerability in Codermy My-Springsecurity-Plus
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user.
network
low complexity
codermy CWE-89
critical
9.8
2024-07-12 CVE-2024-40540 SQL Injection vulnerability in Codermy My-Springsecurity-Plus
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept.
network
low complexity
codermy CWE-89
critical
9.8
2024-07-12 CVE-2024-40541 SQL Injection vulnerability in Codermy My-Springsecurity-Plus
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build.
network
low complexity
codermy CWE-89
critical
9.8
2024-07-12 CVE-2024-40542 SQL Injection vulnerability in Codermy My-Springsecurity-Plus
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset.
network
low complexity
codermy CWE-89
critical
9.8
2024-07-11 CVE-2024-6385 Unspecified vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.
network
low complexity
gitlab
critical
9.8
2024-07-10 CVE-2024-5910 Missing Authentication for Critical Function vulnerability in Paloaltonetworks Expedition
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment.
network
low complexity
paloaltonetworks CWE-306
critical
9.8
2024-07-10 CVE-2024-4879 Unspecified vulnerability in Servicenow Utah/Vancouver
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases.
network
low complexity
servicenow
critical
9.8