Vulnerabilities > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-09	CVE-2023-43609	Unspecified vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. network low complexity emerson critical	9.1
2024-02-09	CVE-2023-46687	Command Injection vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. network low complexity emerson CWE-77 critical	9.8
2024-02-09	CVE-2023-49716	Command Injection vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. network low complexity emerson CWE-77 critical	9.8
2024-02-09	CVE-2024-1353	Deserialization of Untrusted Data vulnerability in PHPems 1.0 A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. network low complexity phpems CWE-502 critical	9.8
2024-02-08	CVE-2023-47132	Unspecified vulnerability in N-Able N-Central 2023.4/2023.6 An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. network low complexity n-able critical	9.8
2024-02-08	CVE-2023-40266	Path Traversal vulnerability in Mitel Unify Openscape Xpressions Webassistant An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. network low complexity mitel CWE-22 critical	9.8
2024-02-08	CVE-2024-24393	Unrestricted Upload of File with Dangerous Type vulnerability in Oaooa Pichome 1.1.01 File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. network low complexity oaooa CWE-434 critical	9.8
2024-02-08	CVE-2024-24495	SQL Injection vulnerability in Remyandrade Daily Habit Tracker 1.0 SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. network low complexity remyandrade CWE-89 critical	9.8
2024-02-08	CVE-2024-24496	Improper Authentication vulnerability in Remyandrade Daily Habit Tracker 1.0 An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components. network low complexity remyandrade CWE-287 critical	9.8
2024-02-08	CVE-2024-0242	Unspecified vulnerability in Johnsoncontrols products Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. network low complexity johnsoncontrols critical	9.8

Vulnerabilities > Critical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Critical"}]}

Vulnerabilities > Critical