Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-05 | CVE-2024-5184 | Injection vulnerability in Emailgpt The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. | 9.1 |
| 2024-06-05 | CVE-2024-24790 | Unspecified vulnerability in Golang GO The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | 9.8 |
| 2024-06-05 | CVE-2024-5526 | Server-Side Request Forgery (SSRF) vulnerability in Grafana Oncall Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side Request Forgery (SSRF) vulnerability in the webhook functionallity. | 9.1 |
| 2024-06-05 | CVE-2024-4295 | SQL Injection vulnerability in Icegram Email Subscribers & Newsletters The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
| 2024-06-05 | CVE-2024-5262 | Files or Directories Accessible to External Parties vulnerability in Projectdiscovery Interactsh Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login. | 9.8 |
| 2024-06-05 | CVE-2024-5636 | Unspecified vulnerability in Bakery Online Ordering System Project Bakery Online Ordering System 1.0 A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. | 9.8 |
| 2024-06-04 | CVE-2024-36121 | Integer Overflow or Wraparound vulnerability in Netty Netty-Incubator-Codec-Ohttp netty-incubator-codec-ohttp is the OHTTP implementation for netty. | 9.1 |
| 2024-06-04 | CVE-2024-36675 | Server-Side Request Forgery (SSRF) vulnerability in Lylme Spage 1.9.5 LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function. | 9.1 |
| 2024-06-04 | CVE-2024-5635 | SQL Injection vulnerability in Bakery Online Ordering System Project Bakery Online Ordering System 1.0 A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. | 9.8 |
| 2024-06-04 | CVE-2024-4219 | Server-Side Request Forgery (SSRF) vulnerability in Beyondtrust Beyondinsight 23.1 Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. | 9.1 |