Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2024-0338 Classic Buffer Overflow vulnerability in Apachefriends Xampp
A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier.
network
low complexity
apachefriends CWE-120
critical
9.8
2024-02-02 CVE-2024-23978 Out-of-bounds Write vulnerability in Kddi Home Spot Cube 2 Firmware V102
Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier.
network
low complexity
kddi CWE-787
critical
9.8
2024-02-02 CVE-2024-0685 SQL Injection vulnerability in Ninjaforms Ninja Forms
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
ninjaforms CWE-89
critical
9.8
2024-02-02 CVE-2024-24482 Path Traversal vulnerability in Apktool
Apktool before 2.9.3 on Windows allows ../ and /..
network
low complexity
apktool CWE-22
critical
9.8
2024-02-02 CVE-2024-22319 Unspecified vulnerability in IBM Operational Decision Manager
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API.
network
low complexity
ibm
critical
9.8
2024-02-02 CVE-2024-22533 Code Injection vulnerability in Xiandafu Beetl 3.15.12
Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability.
network
low complexity
xiandafu CWE-94
critical
9.8
2024-02-02 CVE-2023-32333 Unspecified vulnerability in IBM Maximo Asset Management 7.6.1.3
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls.
network
low complexity
ibm
critical
9.8
2024-02-02 CVE-2023-48792 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option.
network
low complexity
zohocorp CWE-89
critical
9.8
2024-02-02 CVE-2023-48793 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
network
low complexity
zohocorp CWE-89
critical
9.8
2024-02-02 CVE-2024-22779 Path Traversal vulnerability in Kihron Serverrpexposer 1.0.2
Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.
network
low complexity
kihron CWE-22
critical
9.8