VUMETRIC
CYBER PORTAL
Vulnerabilities
> Critical
DATE
CVE
VULNERABILITY TITLE
RISK
2024-07-01
CVE-2024-38474
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to cause source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless the rewrite flag "UnsafeAllow3F" is specified.
network
low complexity
apache
netapp
critical
9.8
9.8
2024-07-01
CVE-2024-38476
The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
network
low complexity
apache
netapp
critical
9.8
9.8
2024-07-01
CVE-2024-36401
Code Injection vulnerability in multiple products
GeoServer is an open source server that allows users to share and edit geospatial data.
network
low complexity
geoserver
geotools
CWE-94
critical
9.8
9.8
2024-07-01
CVE-2024-21456
Out-of-bounds Read vulnerability in Qualcomm products
Information Disclosure while parsing beacon frame in STA.
network
low complexity
qualcomm
CWE-125
critical
9.1
9.1
2024-07-01
CVE-2024-6376
Code Injection vulnerability in MongoDB Compass
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling.
network
low complexity
mongodb
CWE-94
critical
9.8
9.8
2024-07-01
CVE-2024-38998
Unspecified vulnerability in Requirejs
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config.
network
low complexity
requirejs
critical
9.8
9.8
2024-07-01
CVE-2024-6419
Unspecified vulnerability in Oretnom23 Medicine Tracker System 1.0
A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0.
network
low complexity
oretnom23
critical
9.8
9.8
2024-06-28
CVE-2024-37371
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
network
low complexity
mit
debian
critical
9.1
9.1
2024-06-28
CVE-2024-6402
Out-of-bounds Write vulnerability in Tendacn A301 Firmware 15.13.08.12
A vulnerability classified as critical was found in Tenda A301 15.13.08.12.
network
low complexity
tendacn
CWE-787
critical
9.8
9.8
2024-06-28
CVE-2024-6403
Out-of-bounds Write vulnerability in Tendacn A301 Firmware 15.13.08.12
A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12.
network
low complexity
tendacn
CWE-787
critical
9.8
9.8