Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-23108 Unspecified vulnerability in Fortinet Fortisiem
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.
network
low complexity
fortinet
critical
9.8
2024-02-05 CVE-2024-23109 OS Command Injection vulnerability in Fortinet Fortisiem
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM versions 7.1.0 through 7.1.1, 7.0.0 through 7.0.2, 6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.
network
low complexity
fortinet CWE-78
critical
9.8
2024-02-05 CVE-2024-1225 Unspecified vulnerability in Qibosoft Qibocms X1 1.0.6
A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6.
network
low complexity
qibosoft
critical
9.8
2024-02-05 CVE-2021-4436 Unrestricted Upload of File with Dangerous Type vulnerability in Wp3Dprinting 3Dprint Lite
The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server.
network
low complexity
wp3dprinting CWE-434
critical
9.8
2024-02-05 CVE-2023-7077 Path Traversal vulnerability in Sharp products
Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allow an attacker to execute remote code by sending unintended parameters in an HTTP request.
network
low complexity
sharp CWE-22
critical
9.8
2024-02-05 CVE-2024-20011 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 11.0/12.0/13.0
In the ALAC decoder, there is a possible information disclosure due to an incorrect bounds check.
network
low complexity
google CWE-119
critical
9.8
2024-02-04 CVE-2024-25089 Unspecified vulnerability in Malwarebytes Binisoft Windows Firewall Control
Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.
network
low complexity
malwarebytes
critical
9.8
2024-02-04 CVE-2020-36773 Use After Free vulnerability in Artifex Ghostscript
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
network
low complexity
artifex CWE-416
critical
9.8
2024-02-04 CVE-2019-25159 Unspecified vulnerability in Mpedraza2020 Intranet DEL Monterroso
A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0.
network
low complexity
mpedraza2020
critical
9.8
2024-02-03 CVE-2023-31004 Unspecified vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man-in-the-middle techniques.
network
high complexity
ibm
critical
9.0