Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-08 CVE-2024-41161 Use of Hard-coded Credentials vulnerability in Vonets products
Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials.
network
low complexity
vonets CWE-798
critical
9.8
2024-08-08 CVE-2024-42366 Cross-site Scripting vulnerability in Vrcx-Team Vrcx
VRCX is an assistant/companion application for VRChat.
network
low complexity
vrcx-team CWE-79
critical
9.0
2024-08-08 CVE-2024-42355 Code Injection vulnerability in Shopware
Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages while triggered in this tag.
network
low complexity
shopware CWE-94
critical
9.8
2024-08-08 CVE-2024-42357 SQL Injection vulnerability in Shopware
Shopware is an open commerce platform.
network
low complexity
shopware CWE-89
critical
9.8
2024-08-08 CVE-2024-7490 Classic Buffer Overflow vulnerability in Microchip Advanced Software Framework
Improper Input Validation vulnerability in Microchip Technology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported.
network
low complexity
microchip CWE-120
critical
9.8
2024-08-08 CVE-2024-42256 Unspecified vulnerability in Linux Kernel 6.10/6.10.0
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry. When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op before renegotiating credits; it then calls cifs_issue_write() which invokes smb2_async_writev() - which re-repicks the server. If a different server is then selected, this causes the increment of server->in_flight to happen against one record and the decrement to happen against another, leading to misaccounting. Fix this by just removing the repick code in smb2_async_writev().
network
low complexity
linux
critical
9.8
2024-08-08 CVE-2024-7350
The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7.
network
low complexity
critical
9.8
2024-08-07 CVE-2024-41912 Unspecified vulnerability in HP Poly Clariti Manager Firmware
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices.
network
low complexity
hp
critical
9.8
2024-08-07 CVE-2024-41237 SQL Injection vulnerability in Lopalopa Responsive School Management System 3.2.0
A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter.
network
low complexity
lopalopa CWE-89
critical
9.8
2024-08-07 CVE-2024-20450 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow.
network
low complexity
cisco CWE-120
critical
9.8