Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-09 | CVE-2023-1083 | An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. | 9.8 |
| 2024-04-04 | CVE-2024-21894 | Out-of-bounds Write vulnerability in Ivanti Connect Secure and Policy Secure A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. | 9.8 |
| 2024-04-04 | CVE-2024-2692 | SiYuan version 3.0.3 allows executing arbitrary commands on the server. | 9.6 |
| 2024-04-04 | CVE-2024-3272 | Use of Hard-coded Credentials vulnerability in Dlink products ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |
| 2024-04-04 | CVE-2024-3273 | Command Injection vulnerability in Dlink products ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. | 9.8 |
| 2024-04-02 | CVE-2024-30620 | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. | 9.8 |
| 2024-04-02 | CVE-2024-30621 | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. | 9.8 |
| 2024-04-01 | CVE-2024-21473 | Memory corruption while redirecting log file to any file location with any file name. network low complexity critical | 9.8 |
| 2024-03-31 | CVE-2023-46808 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Neurons for Itsm An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. | 9.9 |
| 2024-03-29 | CVE-2024-3094 | Embedded Malicious Code vulnerability in Tukaani XZ 5.6.0/5.6.1 Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. | 10.0 |