Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-06 | CVE-2024-5153 | Path Traversal vulnerability in Web-Shop-Host Startklar Elementor Addons 1.7.15. The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. | 9.8 |
2024-06-05 | CVE-2024-5653 | Unspecified vulnerability in Changjietong T+ 3.5. A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. | 9.8 |
2024-06-05 | CVE-2024-5171 | Integer Overflow or Wraparound vulnerability in Aomedia Libaom. Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. | 9.8 |
2024-06-05 | CVE-2024-5184 | Injection vulnerability in Emailgpt. The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. | 9.1 |
2024-06-05 | CVE-2024-24790 | Unspecified vulnerability in Golang GO. The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | 9.8 |
2024-06-05 | CVE-2024-5526 | Server-Side Request Forgery (SSRF) vulnerability in Grafana Oncall. Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2, is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability in the webhook functionality. | 9.1 |
2024-06-05 | CVE-2024-4295 | SQL Injection vulnerability in Icegram Email Subscribers & Newsletters. The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-06-05 | CVE-2024-5262 | Files or Directories Accessible to External Parties vulnerability in Projectdiscovery Interactsh. Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login. | 9.8 |
2024-06-05 | CVE-2024-5636 | Unspecified vulnerability in Bakery Online Ordering System Project Bakery Online Ordering System 1.0. A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. | 9.8 |
2024-06-04 | CVE-2024-36121 | Integer Overflow or Wraparound vulnerability in Netty Netty-Incubator-Codec-Ohttp. netty-incubator-codec-ohttp is the OHTTP implementation for netty. | 9.1 |