Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-25 CVE-2024-4641 Use of Externally-Controlled Format String vulnerability in Moxa products
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument.
network
low complexity
moxa CWE-134
critical
9.8
2024-06-25 CVE-2024-4196 Unspecified vulnerability in Avaya IP Office
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component.
network
low complexity
avaya
critical
9.8
2024-06-25 CVE-2024-4197 Unrestricted Upload of File with Dangerous Type vulnerability in Avaya IP Office
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component.
network
low complexity
avaya CWE-434
critical
9.8
2024-06-24 CVE-2024-33879 Path Traversal vulnerability in Virtosoftware Sharepoint Bulk File Download 5.5.44
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019.
network
low complexity
virtosoftware CWE-22
critical
9.8
2024-06-24 CVE-2024-37228 Unspecified vulnerability in Instawp Connect
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38.
network
low complexity
instawp
critical
9.8
2024-06-24 CVE-2024-37089 Unspecified vulnerability in Stylemixthemes Consulting Elementor Widgets
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
network
low complexity
stylemixthemes
critical
9.8
2024-06-24 CVE-2024-6280 Unspecified vulnerability in Oretnom23 Simple Online Bidding System 1.0
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0.
network
low complexity
oretnom23
critical
9.8
2024-06-23 CVE-2024-6268 Unspecified vulnerability in Lahirudanushka School Management System 1.0/1.0.1
A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1.
network
low complexity
lahirudanushka
critical
9.8
2024-06-23 CVE-2024-6266 SQL Injection vulnerability in Pearadmin Pear Admin Boot
A vulnerability classified as critical has been found in Pear Admin Boot up to 2.0.2.
network
low complexity
pearadmin CWE-89
critical
9.8
2024-06-22 CVE-2024-6253 Unspecified vulnerability in Kevinwong Online Food Ordering System 1.0
A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical.
network
low complexity
kevinwong
critical
9.8