Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-02 | CVE-2023-48793 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus: Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | 9.8 |
2024-02-02 | CVE-2024-22779 | Path Traversal vulnerability in Kihron Serverrpexposer 1.0.2: Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java. | 9.8 |
2024-02-02 | CVE-2024-22901 | Unspecified vulnerability in Vinchin Backup and Recovery: Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. | 9.8 |
2024-02-02 | CVE-2024-22902 | Unspecified vulnerability in Vinchin Backup and Recovery: Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. | 9.8 |
2024-02-02 | CVE-2024-23746 | Code Injection vulnerability in Miro 0.8.18: Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents). | 9.8 |
2024-02-02 | CVE-2023-50940 | Incorrect Comparison vulnerability in IBM Powersc 1.3/2.0/2.1: IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | 9.8 |
2024-02-02 | CVE-2024-21764 | Use of Hard-coded Credentials vulnerability in Rapidscada Rapid Scada: In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | 9.8 |
2024-02-01 | CVE-2023-46706 | Use of Hard-coded Credentials vulnerability in Machinesense Feverwarn Firmware: Multiple MachineSense devices have credentials unable to be changed by the user or administrator. | 9.8 |
2024-02-01 | CVE-2023-49617 | Missing Authentication for Critical Function vulnerability in Machinesense Feverwarn Firmware: The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. | 9.1 |
2024-02-01 | CVE-2023-4472 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Objectplanet Opinio: Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application. | 9.8 |