Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-08 | CVE-2024-32113 | Unspecified vulnerability in Apache Ofbiz Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | 9.8 |
| 2024-05-07 | CVE-2024-4558 | Use After Free vulnerability in multiple products Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.6 |
| 2024-05-06 | CVE-2024-21480 | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption while playing audio file having large-sized input buffer. | 9.8 |
| 2024-05-03 | CVE-2023-38724 | Unspecified vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. | 9.8 |
| 2024-05-03 | CVE-2023-51633 | Cross-site Scripting vulnerability in Centreon web Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. | 9.6 |
| 2024-05-02 | CVE-2024-1567 | Unrestricted Upload of File with Dangerous Type vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. | 9.8 |
| 2024-04-24 | CVE-2024-28825 | Improper Restriction of Excessive Authentication Attempts vulnerability in Checkmk Improper restriction of excessive authentication attempts on some authentication methods in Checkmk before 2.3.0b5 (beta), 2.2.0p26, 2.1.0p43, and in Checkmk 2.0.0 (EOL) facilitates password brute-forcing. | 9.8 |
| 2024-04-22 | CVE-2024-4040 | Code Injection vulnerability in Crushftp A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | 10.0 |
| 2024-04-22 | CVE-2024-27348 | Unspecified vulnerability in Apache Hugegraph 1.0.0/1.2.0 RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | 9.8 |
| 2024-04-19 | CVE-2024-32038 | Out-of-bounds Write vulnerability in Wazuh Wazuh is a free and open source platform used for threat prevention, detection, and response. | 9.8 |