Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-15 | CVE-2021-3902 | Unspecified vulnerability in Dompdf Project Dompdf: An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. | 9.8 |
2024-11-15 | CVE-2022-1884 | Command Injection vulnerability in Gogs: A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. | 9.8 |
2024-11-15 | CVE-2024-10443 | Command Injection vulnerability in Synology Beephotos and Photos: Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
2024-11-15 | CVE-2024-10534 | Unspecified vulnerability in Dataprom Personnel Attendance Control Systems / Access Control Security Systems: Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection. This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024. | 9.8 |
2024-11-15 | CVE-2024-10924 | Missing Authentication for Critical Function vulnerability in Really-Simple-Plugins Really Simple Security: The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. | 9.8 |
2024-11-14 | CVE-2024-52308 | Unspecified vulnerability in Github CLI: The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. | 9.6 |
2024-11-14 | CVE-2024-50823 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0: A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | 9.8 |
2024-11-14 | CVE-2024-50833 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0: A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. | 9.8 |
2024-11-14 | CVE-2024-11209 | Improper Authentication vulnerability in Apereo Central Authentication Service 6.6.0: A vulnerability was found in Apereo CAS 6.6. | 9.8 |
2024-11-13 | CVE-2024-43091 | Integer Overflow or Wraparound vulnerability in Google Android: In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. | 9.8 |