Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-08 | CVE-2024-39742 | Incorrect Comparison vulnerability in IBM MQ Operator: IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. | 9.8 |
2024-07-08 | CVE-2024-27903 | Unrestricted Upload of File with Dangerous Type vulnerability in Openvpn: OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. | 9.8 |
2024-07-07 | CVE-2024-40614 | Unspecified vulnerability in Egroupware: EGroupware before 23.1.20240624 mishandles an ORDER BY clause. | 9.8 |
2024-07-06 | CVE-2024-37260 | Unspecified vulnerability in Themeruby Foxiz: Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz. This issue affects Foxiz: from n/a through 2.3.5. | 9.3 |
2024-07-05 | CVE-2024-27712 | Unspecified vulnerability in Eskooly 3.0: An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the User Account Management component in the authentication mechanism. | 9.8 |
2024-07-05 | CVE-2024-23997 | Cross-site Scripting vulnerability in Lukasbach Yana: Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. | 9.6 |
2024-07-05 | CVE-2024-23998 | Cross-site Scripting vulnerability in Goanother Another Redis Desktop Manager: goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue. | 9.6 |
2024-07-05 | CVE-2024-29319 | Server-Side Request Forgery (SSRF) vulnerability in Personal-Management-System Personal Management System 1.4.64: Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading an SVG file. | 9.8 |
2024-07-05 | CVE-2024-37768 | Unspecified vulnerability in B1Ackc4T 14Finger 1.1: 14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. | 9.1 |
2024-07-05 | CVE-2024-38346 | Unspecified vulnerability in Apache Cloudstack: The CloudStack cluster service runs on an unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. | 9.8 |