Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2024-24017 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.
Risk: critical, 9.8 (network, low complexity); xxyopen; CWE-89
2024-02-08 CVE-2024-24021 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior.
Risk: critical, 9.8 (network, low complexity); xxyopen; CWE-89
2024-02-08 CVE-2023-48974 Cross-site Scripting vulnerability in Axigen Mail Server
A cross-site scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.
Risk: critical, 9.6 (network, low complexity); axigen; CWE-79
2024-02-08 CVE-2024-24018 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions.
Risk: critical, 9.8 (network, low complexity); xxyopen; CWE-89
2024-02-08 CVE-2024-24023 SQL Injection vulnerability in Xxyopen Novel-Plus
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior.
Risk: critical, 9.8 (network, low complexity); xxyopen; CWE-89
2024-02-08 CVE-2024-24024 Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus
An arbitrary file download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload().
Risk: critical, 9.8 (network, low complexity); xxyopen; CWE-434
2024-02-08 CVE-2024-24025 Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus
An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload().
Risk: critical, 9.8 (network, low complexity); xxyopen; CWE-434
2024-02-08 CVE-2024-24026 Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus
An arbitrary file upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg().
Risk: critical, 9.8 (network, low complexity); xxyopen; CWE-434
2024-02-07 CVE-2023-38995 Use of Hard-coded Credentials vulnerability in Schuhfried 8.22.00
An issue in SCHUHFRIED v.8.22.00 allows a remote attacker to obtain the database password via a crafted curl command.
Risk: critical, 9.8 (network, low complexity); schuhfried; CWE-798
2024-02-07 CVE-2024-24822 Unspecified vulnerability in Pimcore Admin Classic Bundle
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore.
Risk: critical, 9.1 (network, low complexity); pimcore