Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-27 CVE-2024-1107 Unspecified vulnerability in Talyabilisim Travel Apps
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68.
network
low complexity
talyabilisim
critical
9.8
2024-06-25 CVE-2024-37843 SQL Injection vulnerability in Craftcms Craft CMS
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
network
low complexity
craftcms CWE-89
critical
9.8
2024-06-25 CVE-2024-4883 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold.
network
low complexity
progress
critical
9.8
2024-06-25 CVE-2024-4884 Command Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUp Gold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.
network
low complexity
progress CWE-77
critical
9.8
2024-06-25 CVE-2024-4885 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability exists in Progress WhatsUp Gold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
network
low complexity
progress
critical
9.8
2024-06-25 CVE-2024-6308 SQL Injection vulnerability in Clivedelacruz Simple Online Hotel Reservation System 1.0
A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0.
network
low complexity
clivedelacruz CWE-89
critical
9.8
2024-06-25 CVE-2024-5988 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
network
low complexity
rockwellautomation
critical
9.8
2024-06-25 CVE-2024-5989 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
network
low complexity
rockwellautomation
critical
9.8
2024-06-25 CVE-2024-5805 Improper Authentication vulnerability in Progress Moveit Gateway 2024.0
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0.
network
low complexity
progress CWE-287
critical
9.1
2024-06-25 CVE-2024-5806 Unspecified vulnerability in Progress Moveit Transfer
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
network
low complexity
progress
critical
9.8