Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-05 | CVE-2024-23997 | Cross-site Scripting vulnerability in Lukasbach Yana Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. | 9.6 |
| 2024-07-05 | CVE-2024-23998 | Cross-site Scripting vulnerability in Goanother Another Redis Desktop Manager goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue. | 9.6 |
| 2024-07-05 | CVE-2024-29319 | Server-Side Request Forgery (SSRF) vulnerability in Personal-Management-System Personal Management System 1.4.64 Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. | 9.8 |
| 2024-07-05 | CVE-2024-37768 | Unspecified vulnerability in B1Ackc4T 14Finger 1.1 14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. | 9.1 |
| 2024-07-05 | CVE-2024-38346 | Unspecified vulnerability in Apache Cloudstack The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. | 9.8 |
| 2024-07-05 | CVE-2024-39028 | Unspecified vulnerability in Seacms An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. | 9.8 |
| 2024-07-05 | CVE-2024-39864 | Unspecified vulnerability in Apache Cloudstack The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. | 9.8 |
| 2024-07-05 | CVE-2024-6298 | Improper Validation of Specified Type of Input vulnerability in ABB products Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely | 9.8 |
| 2024-07-04 | CVE-2024-39930 | Unspecified vulnerability in Gogs The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. | 9.9 |
| 2024-07-04 | CVE-2024-39931 | Unspecified vulnerability in Gogs Gogs through 0.13.0 allows deletion of internal files. | 9.9 |