Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-23 | CVE-2024-22076 | Unspecified vulnerability in Myq-Solution Print Server 8.2: MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface. | 9.8 |
2024-01-22 | CVE-2021-42141 | Improper Handling of Exceptional Conditions vulnerability in Contiki-Ng Tinydtls 20180830: An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. | 9.8 |
2024-01-22 | CVE-2023-48118 | SQL Injection vulnerability in Quest-Analytics Iqcrm 2023.9.5: SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page. | 9.8 |
2024-01-22 | CVE-2022-45790 | Improper Restriction of Excessive Authentication Attempts vulnerability in Omron products: The Omron FINS protocol has an authenticated feature to prevent access to memory regions. | 9.1 |
2024-01-22 | CVE-2024-0204 | Forced Browsing vulnerability in Fortra Goanywhere Managed File Transfer: Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal. | 9.8 |
2024-01-22 | CVE-2024-0783 | Unspecified vulnerability in Online Admission System Project Online Admission System 1.0: A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. | 9.8 |
2024-01-22 | CVE-2024-0784 | Unspecified vulnerability in Hongmaple Octopus 1.0: A vulnerability was found in hongmaple octopus 1.0. | 9.8 |
2024-01-22 | CVE-2024-0778 | OS Command Injection vulnerability in Uniview ISC 2500-S Firmware 20210930: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. | 9.8 |
2024-01-22 | CVE-2017-20189 | Deserialization of Untrusted Data vulnerability in Clojure: In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. | 9.8 |
2024-01-22 | CVE-2024-23771 | Information Exposure Through Discrepancy vulnerability in Unix4Lyfe Darkhttpd 1.13/1.131/1.14: darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | 9.8 |