Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-25 CVE-2024-5989 Unspecified vulnerability in Rockwellautomation Thinmanager and Thinserver
Due to improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
network
low complexity
rockwellautomation
critical
9.8
2024-06-25 CVE-2024-5805 Improper Authentication vulnerability in Progress Moveit Gateway 2024.0
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0.
network
low complexity
progress CWE-287
critical
9.1
2024-06-25 CVE-2024-5806 Unspecified vulnerability in Progress Moveit Transfer
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
network
low complexity
progress
critical
9.8
2024-06-25 CVE-2024-4641 Use of Externally-Controlled Format String vulnerability in Moxa products
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument.
network
low complexity
moxa CWE-134
critical
9.8
2024-06-25 CVE-2024-4196 Unspecified vulnerability in Avaya IP Office
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component.
network
low complexity
avaya
critical
9.8
2024-06-25 CVE-2024-4197 Unrestricted Upload of File with Dangerous Type vulnerability in Avaya IP Office
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component.
network
low complexity
avaya CWE-434
critical
9.8
2024-06-24 CVE-2024-33879 Path Traversal vulnerability in Virtosoftware Sharepoint Bulk File Download 5.5.44
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019.
network
low complexity
virtosoftware CWE-22
critical
9.8
2024-06-24 CVE-2024-37228 Unspecified vulnerability in Instawp Connect
Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection. This issue affects InstaWP Connect: from n/a through 0.1.0.38.
network
low complexity
instawp
critical
9.8
2024-06-24 CVE-2024-37231 Unspecified vulnerability in Salonbookingsystem Salon Booking System
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation. This issue affects Salon booking system: from n/a through 9.9.
network
low complexity
salonbookingsystem
critical
9.1
2024-06-24 CVE-2024-37089 Unspecified vulnerability in Stylemixthemes Consulting Elementor Widgets
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulting Elementor Widgets: from n/a through 1.3.0.
network
low complexity
stylemixthemes
critical
9.8