Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2024-07-05 | CVE-2024-23997 | Cross-site Scripting vulnerability in Lukasbach Yana | Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. | network | low complexity | lukasbach | CWE-79 | critical | 9.6 |
| 2024-07-05 | CVE-2024-23998 | Cross-site Scripting vulnerability in Goanother Another Redis Desktop Manager | goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue. | network | low complexity | goanother | CWE-79 | critical | 9.6 |
| 2024-07-05 | CVE-2024-29319 | Server-Side Request Forgery (SSRF) vulnerability in Personal-Management-System Personal Management System 1.4.64 | Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading an SVG file. | network | low complexity | personal-management-system | CWE-918 | critical | 9.8 |
| 2024-07-05 | CVE-2024-37768 | Unspecified vulnerability in B1Ackc4T 14Finger 1.1 | 14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id. | network | low complexity | b1ackc4t | | critical | 9.1 |
| 2024-07-05 | CVE-2024-38346 | Unspecified vulnerability in Apache Cloudstack | The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. | network | low complexity | apache | | critical | 9.8 |
| 2024-07-05 | CVE-2024-39028 | Unspecified vulnerability in Seacms | An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. | network | low complexity | seacms | | critical | 9.8 |
| 2024-07-05 | CVE-2024-39864 | Unspecified vulnerability in Apache Cloudstack | The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. | network | low complexity | apache | | critical | 9.8 |
| 2024-07-05 | CVE-2024-6298 | Improper Validation of Specified Type of Input vulnerability in ABB products | Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 allows an attacker to execute arbitrary code remotely. | network | low complexity | abb | CWE-1287 | critical | 9.8 |
| 2024-07-04 | CVE-2024-39930 | Unspecified vulnerability in Gogs | The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. | network | low complexity | gogs | | critical | 9.9 |
| 2024-07-04 | CVE-2024-39931 | Unspecified vulnerability in Gogs | Gogs through 0.13.0 allows deletion of internal files. | network | low complexity | gogs | | critical | 9.9 |