Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-01-29 CVE-2024-1021 Server-Side Request Forgery (SSRF) vulnerability in Ruifang-Tech Rebuild
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5.
network
low complexity
ruifang-tech CWE-918
critical
 9.8
9.8
2024-01-29 CVE-2023-51839 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Devicefarmer Smartphone Test Farm 3.6.6
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm.
network
low complexity
devicefarmer CWE-327
critical
 9.1
9.1
2024-01-29 CVE-2023-51840 Use of Hard-coded Credentials vulnerability in Html-Js Doracms 2.1.8
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.
network
low complexity
html-js CWE-798
critical
 9.8
9.8
2024-01-29 CVE-2024-24141 SQL Injection vulnerability in Remyandrade School Task Manager 1.0
Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.
network
low complexity
remyandrade CWE-89
critical
 9.8
9.8
2024-01-29 CVE-2024-1009 SQL Injection vulnerability in Employee Management System Project Employee Management System 1.0
A vulnerability was found in SourceCodester Employee Management System 1.0.
network
low complexity
employee-management-system-project CWE-89
critical
 9.8
9.8
2024-01-29 CVE-2024-23822 Unspecified vulnerability in Thruk
Thruk is a multibackend monitoring webinterface.
network
low complexity
thruk
critical
 9.8
9.8
2024-01-29 CVE-2024-23827 Path Traversal vulnerability in Nginxui Nginx UI
Nginx-UI is a web interface to manage Nginx configurations.
network
low complexity
nginxui CWE-22
critical
 9.8
9.8
2024-01-29 CVE-2024-1001 Unspecified vulnerability in Totolink N200Re Firmware 9.3.5U.6139B20201216
A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216.
network
low complexity
totolink
critical
 9.8
9.8
2024-01-29 CVE-2024-1015 Code Injection vulnerability in Se-Elektronicgmbh E-Ddc3.3 Firmware 03.07.03
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher.
network
low complexity
se-elektronicgmbh CWE-94
critical
 9.8
9.8
2024-01-29 CVE-2024-23790 Improper Validation of Integrity Check Value vulnerability in Otrs
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.
network
low complexity
otrs CWE-354
critical
 9.8
9.8