Vulnerabilities > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-08	CVE-2023-48974	Cross-site Scripting vulnerability in Axigen Mail Server Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. network low complexity axigen CWE-79 critical	9.6
2024-02-08	CVE-2024-24018	SQL Injection vulnerability in Xxyopen Novel-Plus A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. network low complexity xxyopen CWE-89 critical	9.8
2024-02-08	CVE-2024-24023	SQL Injection vulnerability in Xxyopen Novel-Plus A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. network low complexity xxyopen CWE-89 critical	9.8
2024-02-08	CVE-2024-24024	Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). network low complexity xxyopen CWE-434 critical	9.8
2024-02-08	CVE-2024-24025	Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). network low complexity xxyopen CWE-434 critical	9.8
2024-02-08	CVE-2024-24026	Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). network low complexity xxyopen CWE-434 critical	9.8
2024-02-07	CVE-2023-38995	Use of Hard-coded Credentials vulnerability in Schuhfried 8.22.00 An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command. network low complexity schuhfried CWE-798 critical	9.8
2024-02-07	CVE-2024-24822	Unspecified vulnerability in Pimcore Admin Classic Bundle Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. network low complexity pimcore critical	9.1
2024-02-07	CVE-2023-32328	Unspecified vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. network low complexity ibm critical	9.8
2024-02-07	CVE-2023-32330	Improper Certificate Validation vulnerability in IBM Security Verify Access IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. network low complexity ibm CWE-295 critical	9.8

Vulnerabilities > Critical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Critical"}]}

Vulnerabilities > Critical