Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-10 CVE-2024-5217 Incorrect Comparison vulnerability in ServiceNow Utah/Vancouver
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases.
network
low complexity
servicenow CWE-697
critical
9.8
2024-07-10 CVE-2024-21524 Out-of-bounds Read vulnerability in Magiclen Stringbuilder
All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input.
network
low complexity
magiclen CWE-125
critical
9.1
2024-07-09 CVE-2024-37873 SQL Injection vulnerability in Itsourcecode Payroll Management System Project in PHP With Source Code 1.0
SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
itsourcecode CWE-89
critical
9.8
2024-07-09 CVE-2023-48194 Unspecified vulnerability in Tenda AC8v4 Firmware 16.03.34.09
Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0.
network
low complexity
tenda
critical
9.8
2024-07-09 CVE-2024-38089 Unspecified vulnerability in Microsoft Defender for IoT
Microsoft Defender for IoT Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
9.9
2024-07-09 CVE-2024-39171 Path Traversal vulnerability in PHPVibe
Directory Traversal in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix.
network
low complexity
phpvibe CWE-22
critical
9.8
2024-07-09 CVE-2024-27782 Unspecified vulnerability in Fortinet FortiAIOps 2.0.0
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.
network
low complexity
fortinet
critical
9.8
2024-07-09 CVE-2024-37934 Unspecified vulnerability in Ninjaforms Ninja Forms
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4.
network
low complexity
ninjaforms
critical
9.8
2024-07-09 CVE-2024-39872 Unspecified vulnerability in Siemens SINEMA Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).
network
low complexity
siemens
critical
9.9
2024-07-09 CVE-2024-3596 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
network
high complexity
freeradius broadcom sonicwall CWE-924
critical
9.0