| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2024-07-12 | CVE-2024-40541 | SQL Injection vulnerability in Codermy My-Springsecurity-Plus | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build. | network | low complexity | codermy | CWE-89 | critical | 9.8 |
| 2024-07-12 | CVE-2024-40542 | SQL Injection vulnerability in Codermy My-Springsecurity-Plus | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset. | network | low complexity | codermy | CWE-89 | critical | 9.8 |
| 2024-07-11 | CVE-2024-6385 | Unspecified vulnerability in Gitlab | An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | network | low complexity | gitlab | | critical | 9.8 |
| 2024-07-11 | CVE-2024-6653 | Unspecified vulnerability in Code-Projects Simple Task List 1.0 | A vulnerability was found in code-projects Simple Task List 1.0. | network | low complexity | code-projects | | critical | 9.8 |
| 2024-07-10 | CVE-2024-5910 | Missing Authentication for Critical Function vulnerability in Paloaltonetworks Expedition | Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. | network | low complexity | paloaltonetworks | CWE-306 | critical | 9.8 |
| 2024-07-10 | CVE-2024-4879 | Unspecified vulnerability in Servicenow Utah/Vancouver | ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. | network | low complexity | servicenow | | critical | 9.8 |
| 2024-07-10 | CVE-2024-5217 | Incorrect Comparison vulnerability in Servicenow Utah/Vancouver | ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. | network | low complexity | servicenow | CWE-697 | critical | 9.8 |
| 2024-07-10 | CVE-2024-21524 | Out-of-bounds Read vulnerability in Magiclen Stringbuilder | All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. | network | low complexity | magiclen | CWE-125 | critical | 9.1 |
| 2024-07-09 | CVE-2024-37873 | SQL Injection vulnerability in Itsourcecode Payroll Management System Project in PHP With Source Code 1.0 | SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low complexity | itsourcecode | CWE-89 | critical | 9.8 |
| 2024-07-09 | CVE-2023-48194 | Unspecified vulnerability in Tenda Ac8V4 Firmware 16.03.34.09 | Vulnerability in Tenda AC8v4 V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. | network | low complexity | tenda | | critical | 9.8 |