Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2024-06-04 | CVE-2024-36675 | Server-Side Request Forgery (SSRF) vulnerability in Lylme Spage 1.9.5 | LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. | network | low | lylme | CWE-918 | critical | 9.1 |
| 2024-06-04 | CVE-2024-5635 | SQL Injection vulnerability in Bakery Online Ordering System Project Bakery Online Ordering System 1.0 | A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. | network | low | bakery-online-ordering-system-project | CWE-89 | critical | 9.8 |
| 2024-06-04 | CVE-2024-4219 | Server-Side Request Forgery (SSRF) vulnerability in Beyondtrust Beyondinsight 23.1 | Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. | network | low | beyondtrust | CWE-918 | critical | 9.1 |
| 2024-06-04 | CVE-2024-28103 | Unspecified vulnerability in Rubyonrails Rails | Action Pack is a framework for handling and responding to web requests. | network | low | rubyonrails | | critical | 9.8 |
| 2024-06-04 | CVE-2024-35670 | Improper Authentication vulnerability in Softlabbd Integrate Google Drive | Broken Authentication vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.93. | network | low | softlabbd | CWE-287 | critical | 9.8 |
| 2024-06-04 | CVE-2024-35672 | Unspecified vulnerability in Netgsm 2.9.16 | Missing Authorization vulnerability in Netgsm. This issue affects Netgsm: from n/a through 2.9.19. | network | low | netgsm | | critical | 9.8 |
| 2024-06-04 | CVE-2024-36604 | Command Injection vulnerability in Tendacn O3V2 Firmware 1.0.0.12(3880) | Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. | network | low | tendacn | CWE-77 | critical | 9.8 |
| 2024-06-04 | CVE-2024-36858 | Unrestricted Upload of File with Dangerous Type vulnerability in Homebrew JAN 0.4.12 | An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | network | low | homebrew | CWE-434 | critical | 9.8 |
| 2024-06-04 | CVE-2024-37273 | Unrestricted Upload of File with Dangerous Type vulnerability in Homebrew JAN 0.4.12 | An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | network | low | homebrew | CWE-434 | critical | 9.8 |
| 2024-06-04 | CVE-2024-36400 | Insufficient Entropy vulnerability in VIZ Nano ID | nano-id is a unique string ID generator for Rust. | network | low | viz | CWE-331 | critical | 9.8 |