Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-06 | CVE-2024-24398 | Path Traversal vulnerability in Stimulsoft Dashboards.PHP: Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function. | 9.8 |
2024-02-05 | CVE-2024-0964 | Path Traversal vulnerability in Gradio Project Gradio: A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. | 9.4 |
2024-02-05 | CVE-2024-23049 | Command Injection vulnerability in B3Log Symphony: An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | 9.8 |
2024-02-05 | CVE-2023-6933 | Deserialization of Untrusted Data vulnerability in Wpengine Better Search Replace: The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. | 9.8 |
2024-02-05 | CVE-2023-6989 | Path Traversal vulnerability in Getshieldsecurity Shield Security: The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. | 9.8 |
2024-02-05 | CVE-2023-51951 | SQL Injection vulnerability in Stock Management System Project Stock Management System 1.0: SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. | 9.8 |
2024-02-05 | CVE-2024-24543 | Out-of-bounds Write vulnerability in Tenda AC9 Firmware 15.03.06.42Multi: Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data. | 9.8 |
2024-02-05 | CVE-2024-0323 | Unspecified vulnerability in Br-Automation Automation Runtime: The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. | 9.8 |
2024-02-05 | CVE-2024-23054 | Uncontrolled Search Path Element vulnerability in Plone Docker Official Image 5.2.13: An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm). | 9.8 |
2024-02-05 | CVE-2023-52138 | Link Following vulnerability in Mate-Desktop Engrampa: Engrampa is an archive manager for the MATE environment. | 9.6 |