Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-12 | CVE-2024-40541 | SQL Injection vulnerability in Codermy My-Springsecurity-Plus my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build. | 9.8 |
2024-07-12 | CVE-2024-40542 | SQL Injection vulnerability in Codermy My-Springsecurity-Plus my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset. | 9.8 |
2024-07-11 | CVE-2024-6385 | Unspecified vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. | 9.8 |
2024-07-11 | CVE-2024-6653 | Unspecified vulnerability in Code-Projects Simple Task List 1.0 A vulnerability was found in code-projects Simple Task List 1.0. | 9.8 |
2024-07-10 | CVE-2024-5910 | Missing Authentication for Critical Function vulnerability in Paloaltonetworks Expedition Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. | 9.8 |
2024-07-10 | CVE-2024-4879 | Unspecified vulnerability in Servicenow Utah/Vancouver ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. | 9.8 |
2024-07-10 | CVE-2024-5217 | Incorrect Comparison vulnerability in Servicenow Utah/Vancouver ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. | 9.8 |
2024-07-10 | CVE-2024-21524 | Out-of-bounds Read vulnerability in Magiclen Stringbuilder All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. | 9.1 |
2024-07-09 | CVE-2024-37873 | SQL Injection vulnerability in Itsourcecode Payroll Management System Project in PHP With Source Code 1.0 SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 9.8 |
2024-07-09 | CVE-2023-48194 | Unspecified vulnerability in Tenda Ac8V4 Firmware 16.03.34.09 Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. | 9.8 |