Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-02-08 | CVE-2024-24393 | Unrestricted Upload of File with Dangerous Type vulnerability in Oaooa Pichome 1.1.01 | File Upload vulnerability in index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. | 9.8 |
2024-02-08 | CVE-2024-24495 | SQL Injection vulnerability in Remyandrade Daily Habit Tracker 1.0 | SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. | 9.8 |
2024-02-08 | CVE-2024-24496 | Improper Authentication vulnerability in Remyandrade Daily Habit Tracker 1.0 | An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components. | 9.8 |
2024-02-08 | CVE-2024-0242 | Unspecified vulnerability in Johnsoncontrols products | Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. | 9.8 |
2024-02-08 | CVE-2024-22836 | OS Command Injection vulnerability in Akaunting | An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. | 9.8 |
2024-02-08 | CVE-2023-50061 | SQL Injection vulnerability in Store-Opart Op'Art Easy Redirect | PrestaShop Op'art Easy Redirect >= 1.3.8 and <= 1.3.12 is vulnerable to SQL Injection via Oparteasyredirect::hookActionDispatcher(). | 9.8 |
2024-02-08 | CVE-2024-24213 | SQL Injection vulnerability in Supabase Postgres 15.1 | Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. | 9.8 |
2024-02-08 | CVE-2024-24321 | Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05 | An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | 9.8 |
2024-02-08 | CVE-2023-42282 | Server-Side Request Forgery (SSRF) vulnerability in Fedorindutny IP | The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. | 9.8 |
2024-02-08 | CVE-2024-25189 | Information Exposure Through Discrepancy vulnerability in Bencollins JWT C Library 1.15.3 | libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |