Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-37112 | Unspecified vulnerability in Wishlist Member Wishlist Member Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7. | 9.8 |
| 2024-07-09 | CVE-2024-37555 | Unspecified vulnerability in Zealousweb Generate PDF Using Contact Form 7 Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6. | 9.8 |
| 2024-07-08 | CVE-2024-39677 | SQL Injection vulnerability in Nhibernate Nhibernate-Core NHibernate is an object-relational mapper for the .NET framework. | 9.8 |
| 2024-07-08 | CVE-2024-39742 | Incorrect Comparison vulnerability in IBM MQ Operator IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. | 9.8 |
| 2024-07-08 | CVE-2024-27903 | Unrestricted Upload of File with Dangerous Type vulnerability in Openvpn OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. | 9.8 |
| 2024-07-07 | CVE-2024-40614 | Unspecified vulnerability in Egroupware EGroupware before 23.1.20240624 mishandles an ORDER BY clause. | 9.8 |
| 2024-07-06 | CVE-2024-37260 | Unspecified vulnerability in Themeruby Foxiz Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5. | 9.3 |
| 2024-07-05 | CVE-2024-27712 | Unspecified vulnerability in Eskooly An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Mangemnt component in the authentication mechanism. | 9.8 |
| 2024-07-05 | CVE-2024-23997 | Cross-site Scripting vulnerability in Lukasbach Yana Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. | 9.6 |
| 2024-07-05 | CVE-2024-23998 | Cross-site Scripting vulnerability in Goanother Another Redis Desktop Manager goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue. | 9.6 |