Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-08 | CVE-2024-41161 | Use of Hard-coded Credentials vulnerability in Vonets products Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. | 9.8 |
| 2024-08-08 | CVE-2024-42366 | Cross-site Scripting vulnerability in Vrcx-Team Vrcx VRCX is an assistant/companion application for VRChat. | 9.0 |
| 2024-08-08 | CVE-2024-42355 | Code Injection vulnerability in Shopware Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages while triggered in this tag. | 9.8 |
| 2024-08-08 | CVE-2024-42357 | SQL Injection vulnerability in Shopware Shopware is an open commerce platform. | 9.8 |
| 2024-08-08 | CVE-2024-7490 | Classic Buffer Overflow vulnerability in Microchip Advanced Software Framework Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. | 9.8 |
| 2024-08-08 | CVE-2024-42256 | Unspecified vulnerability in Linux Kernel 6.10/6.10.0 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op before renegotiating credits; it then calls cifs_issue_write() which invokes smb2_async_writev() - which re-repicks the server. If a different server is then selected, this causes the increment of server->in_flight to happen against one record and the decrement to happen against another, leading to misaccounting. Fix this by just removing the repick code in smb2_async_writev(). | 9.8 |
| 2024-08-08 | CVE-2024-7350 | The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. network low complexity critical | 9.8 |
| 2024-08-07 | CVE-2024-41912 | Unspecified vulnerability in HP Poly Clariti Manager Firmware A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. | 9.8 |
| 2024-08-07 | CVE-2024-41237 | SQL Injection vulnerability in Lopalopa Responsive School Management System 3.2.0 A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | 9.8 |
| 2024-08-07 | CVE-2024-20450 | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. | 9.8 |