Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-30 | CVE-2024-24331 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. | 9.8 |
2024-01-30 | CVE-2024-24332 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. | 9.8 |
2024-01-30 | CVE-2024-24333 | OS Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. | 9.8 |
2024-01-30 | CVE-2024-1032 | Unspecified vulnerability in Openbi Project Openbi: A vulnerability classified as critical was found in openBI up to 1.0.8. | 9.8 |
2024-01-30 | CVE-2023-6943 | Unspecified vulnerability in Mitsubishielectric products: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute malicious code by RPC with a path to a malicious library while connected to the products. | 9.8 |
2024-01-30 | CVE-2024-1061 | SQL Injection vulnerability in Bplugins Html5 Video Player: The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function. | 9.8 |
2024-01-30 | CVE-2024-21488 | Command Injection vulnerability in Forkhq Network: Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. | 9.8 |
2024-01-30 | CVE-2024-1027 | Unspecified vulnerability in Oretnom23 Facebook News Feed Like 1.0: A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. | 9.8 |
2024-01-30 | CVE-2023-51837 | Improper Certificate Validation vulnerability in Meshcentral 1.1.16: Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | 9.8 |
2024-01-30 | CVE-2023-51982 | Improper Authentication vulnerability in Cratedb 5.5.1: CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. | 9.8 |