Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-09 CVE-2024-5772 Unspecified vulnerability in Netentsec Application Security Gateway 6.3
A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3.
network
low complexity
netentsec
critical
9.8
2024-06-09 CVE-2024-5773 Unspecified vulnerability in Netentsec Application Security Gateway 6.3
A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3.
network
low complexity
netentsec
critical
9.8
2024-06-08 CVE-2024-4146 Incorrect Authorization vulnerability in Lunary 1.2.13
In lunary-ai/lunary version v1.2.13, an incorrect authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to.
network
low complexity
lunary CWE-863
critical
9.8
2024-06-08 CVE-2024-37407 Out-of-bounds Read vulnerability in Libarchive
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled.
network
low complexity
libarchive CWE-125
critical
9.1
2024-06-07 CVE-2024-37388 XXE vulnerability in Dnkorpushov Ebookmeta
An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
network
low complexity
dnkorpushov CWE-611
critical
9.1
2024-06-07 CVE-2024-5745 Unspecified vulnerability in Bakery Online Ordering System Project Bakery Online Ordering System 1.0
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0.
network
low complexity
bakery-online-ordering-system-project
critical
9.8
2024-06-07 CVE-2024-30163 SQL Injection vulnerability in Invisioncommunity
Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries.
network
low complexity
invisioncommunity CWE-89
critical
9.8
2024-06-07 CVE-2024-36673 SQL Injection vulnerability in Pharmacy/Medical Store Point of Sale System Project Pharmacy/Medical Store Point of Sale System 1.0
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php.
9.8
2024-06-07 CVE-2024-5733 Unspecified vulnerability in Online Discussion Forum Project Online Discussion Forum 1.0
A vulnerability was found in itsourcecode Online Discussion Forum 1.0.
network
low complexity
online-discussion-forum-project
critical
9.8
2024-06-07 CVE-2024-5732 Unspecified vulnerability in Clashforwindows Clash
A vulnerability was found in Clash up to 0.20.1 on Windows.
network
low complexity
clashforwindows
critical
9.8