Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-11-15 | CVE-2024-11237 | Out-of-bounds Write vulnerability in Tp-Link Vn020-F3V(T) Firmware Ttv6.2.1021 | A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. | network | low | tp-link | CWE-787 | critical | 9.8 |
| 2024-11-15 | CVE-2021-3838 | Unspecified vulnerability in Dompdf Project Dompdf | DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. | network | low | dompdf-project | | critical | 9.8 |
| 2024-11-15 | CVE-2021-3902 | Unspecified vulnerability in Dompdf Project Dompdf | An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. | network | low | dompdf-project | | critical | 9.8 |
| 2024-11-15 | CVE-2022-1884 | Command Injection vulnerability in Gogs | A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. | network | low | gogs | CWE-77 | critical | 9.8 |
| 2024-11-15 | CVE-2024-10443 | Command Injection vulnerability in Synology Beephotos and Photos | Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. | network | low | synology | CWE-77 | critical | 9.8 |
| 2024-11-15 | CVE-2024-10534 | Unspecified vulnerability in Dataprom Personnel Attendance Control Systems / Access Control Security Systems | Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection. This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024. | network | low | dataprom | | critical | 9.8 |
| 2024-11-15 | CVE-2024-10924 | Missing Authentication for Critical Function vulnerability in Really-Simple-Plugins Really Simple Security | The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. | network | low | really-simple-plugins | CWE-306 | critical | 9.8 |
| 2024-11-14 | CVE-2024-52308 | Unspecified vulnerability in Github CLI | The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. | network | low | github | | critical | 9.6 |
| 2024-11-14 | CVE-2024-50823 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 | A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | network | low | lopalopa | CWE-89 | critical | 9.8 |
| 2024-11-14 | CVE-2024-50833 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 | A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. | network | low | lopalopa | CWE-89 | critical | 9.8 |