Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-28200 Improper Authentication vulnerability in N-Able N-Central 2023.4/2023.6/2023.7
The N-central server is vulnerable to an authentication bypass of the user interface.
network
low complexity
n-able CWE-287
critical
9.8
2024-07-01 CVE-2024-38366 Injection vulnerability in Cocoapods Trunk.Cocoapods.Org
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager.
network
low complexity
cocoapods CWE-74
critical
10.0
2024-07-01 CVE-2024-38367 Unspecified vulnerability in Cocoapods Trunk.Cocoapods.Org
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager.
network
low complexity
cocoapods
critical
9.6
2024-07-01 CVE-2024-38368 Unspecified vulnerability in Cocoapods Trunk.Cocoapods.Org
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager.
network
low complexity
cocoapods
critical
9.3
2024-07-01 CVE-2024-38474 A substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to cause source disclosure of scripts meant only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless the rewrite flag "UnsafeAllow3F" is specified.
network
low complexity
apache netapp
critical
9.8
2024-07-01 CVE-2024-38476 The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
network
low complexity
apache netapp
critical
9.8
2024-07-01 CVE-2024-36401 Code Injection vulnerability in multiple products
GeoServer is an open source server that allows users to share and edit geospatial data.
network
low complexity
geoserver geotools CWE-94
critical
9.8
2024-07-01 CVE-2024-21456 Out-of-bounds Read vulnerability in Qualcomm products
Information Disclosure while parsing beacon frame in STA.
network
low complexity
qualcomm CWE-125
critical
9.1
2024-07-01 CVE-2024-6376 Code Injection vulnerability in Mongodb Compass
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling.
network
low complexity
mongodb CWE-94
critical
9.8
2024-07-01 CVE-2024-6419 Unspecified vulnerability in Oretnom23 Medicine Tracker System 1.0
A vulnerability classified as critical was found in SourceCodester Medicine Tracker System 1.0.
network
low complexity
oretnom23
critical
9.8