Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-08 CVE-2024-4146 Incorrect Authorization vulnerability in Lunary 1.2.13
In lunary-ai/lunary version v1.2.13, an incorrect authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to.
network
low complexity
lunary CWE-863
critical
9.8
2024-06-08 CVE-2024-37407 Out-of-bounds Read vulnerability in Libarchive
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled.
network
low complexity
libarchive CWE-125
critical
9.1
2024-06-07 CVE-2024-37388 XXE vulnerability in Dnkorpushov Ebookmeta
An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
network
low complexity
dnkorpushov CWE-611
critical
9.1
2024-06-07 CVE-2024-5745 Unspecified vulnerability in Bakery Online Ordering System Project Bakery Online Ordering System 1.0
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0.
network
low complexity
bakery-online-ordering-system-project
critical
9.8
2024-06-07 CVE-2024-30163 SQL Injection vulnerability in Invisioncommunity
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries.
network
low complexity
invisioncommunity CWE-89
critical
9.8
2024-06-07 CVE-2024-36673 SQL Injection vulnerability in Pharmacy/Medical Store Point of Sale System Project Pharmacy/Medical Store Point of Sale System 1.0
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php.
9.8
2024-06-07 CVE-2024-5733 Unspecified vulnerability in Online Discussion Forum Project Online Discussion Forum 1.0
A vulnerability was found in itsourcecode Online Discussion Forum 1.0.
network
low complexity
online-discussion-forum-project
critical
9.8
2024-06-07 CVE-2024-5732 Unspecified vulnerability in Clashforwindows Clash
A vulnerability was found in Clash up to 0.20.1 on Windows.
network
low complexity
clashforwindows
critical
9.8
2024-06-06 CVE-2024-24192 Out-of-bounds Read vulnerability in Robertdavidgraham Robdns 20151209
robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c.
network
low complexity
robertdavidgraham CWE-125
critical
9.1
2024-06-06 CVE-2024-22074 Unspecified vulnerability in Dynamsoft Service
Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control.
network
low complexity
dynamsoft
critical
9.8