Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-12 | CVE-2024-5894 | Unspecified vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. | 9.8 |
| 2024-06-12 | CVE-2024-5895 | Unspecified vulnerability in Oretnom23 Employee and Visitor Gate Pass Logging System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. | 9.8 |
| 2024-06-12 | CVE-2024-1576 | SQL Injection vulnerability in Megabip 4.36.2 SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator password. This issue affects MegaBIP software versions through 5.09. | 9.8 |
| 2024-06-12 | CVE-2024-1577 | Code Injection vulnerability in Megabip 4.36.2 Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2. | 9.8 |
| 2024-06-12 | CVE-2024-1659 | Unrestricted Upload of File with Dangerous Type vulnerability in Megabip 4.36.2 Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10. | 9.8 |
| 2024-06-12 | CVE-2024-36264 | Unspecified vulnerability in Apache Submarine 0.8.0 ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. | 9.8 |
| 2024-06-11 | CVE-2023-52233 | Unspecified vulnerability in Wpexperts Post Smtp Mailer Missing Authorization vulnerability in Post SMTP Post SMTP Mailer/Email Log.This issue affects Post SMTP Mailer/Email Log: from n/a through 2.8.6. | 9.8 |
| 2024-06-11 | CVE-2024-2011 | Out-of-bounds Write vulnerability in Hitachienergy Foxman-Un and Unem A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy | 9.8 |
| 2024-06-11 | CVE-2024-2012 | Unspecified vulnerability in Hitachienergy Foxman-Un and Unem vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior | 9.8 |
| 2024-06-11 | CVE-2024-2013 | Missing Authentication for Critical Function vulnerability in Hitachienergy Foxman-Un and Unem An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | 10.0 |