Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-03 | CVE-2024-44921 | SQL Injection vulnerability in Seacms 12.9 SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | 9.8 |
| 2024-09-03 | CVE-2024-7261 | OS Command Injection vulnerability in Zyxel products The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device. | 9.8 |
| 2024-09-03 | CVE-2024-8380 | SQL Injection vulnerability in Rems Contact Manager With Export to VCF 1.0 A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. | 9.8 |
| 2024-09-02 | CVE-2024-6919 | SQL Injection vulnerability in NAC Nacpremium Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. | 9.8 |
| 2024-09-02 | CVE-2024-43772 | SQL Injection vulnerability in Easytest Online Test Platform SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter. | 9.8 |
| 2024-09-02 | CVE-2024-43773 | SQL Injection vulnerability in Easytest Online Test Platform SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter. | 9.8 |
| 2024-09-02 | CVE-2024-45522 | Unspecified vulnerability in Linen Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. | 9.8 |
| 2024-09-01 | CVE-2024-45508 | Out-of-bounds Write vulnerability in Htmldoc Project Htmldoc HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. | 9.8 |
| 2024-09-01 | CVE-2024-8368 | SQL Injection vulnerability in Fabianros Hospital Management System 1.0 A vulnerability was found in code-projects Hospital Management System 1.0. | 9.8 |
| 2024-08-31 | CVE-2024-39747 | Unspecified vulnerability in IBM Sterling Connect Direct web Services IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. | 9.8 |