Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-6593 Incorrect Authorization vulnerability in Watchguard Authentication Gateway
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2.
network
low complexity
watchguard CWE-863
critical
9.1
2024-09-25 CVE-2024-8275 SQL Injection vulnerability in Stellarwp the Events Calendar
The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
stellarwp CWE-89
critical
9.8
2024-09-25 CVE-2024-8485 Authorization Bypass Through User-Controlled Key vulnerability in Jianbo Rest API to Miniprogram
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated.
network
low complexity
jianbo CWE-639
critical
9.8
2024-09-25 CVE-2024-43423 Use of Hard-coded Credentials vulnerability in Doverfuelingsolutions products
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
network
low complexity
doverfuelingsolutions CWE-798
critical
9.8
2024-09-25 CVE-2024-43692 Unspecified vulnerability in Doverfuelingsolutions products
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
network
low complexity
doverfuelingsolutions
critical
9.8
2024-09-25 CVE-2024-43693 Command Injection vulnerability in Doverfuelingsolutions products
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
network
low complexity
doverfuelingsolutions CWE-77
critical
9.8
2024-09-25 CVE-2024-45066 Command Injection vulnerability in Doverfuelingsolutions products
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
network
low complexity
doverfuelingsolutions CWE-77
critical
9.8
2024-09-25 CVE-2024-8436 The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
critical
9.9
2024-09-25 CVE-2024-8877 SQL Injection vulnerability in Riello-Ups Netman 204 Firmware 02.05
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204.
network
low complexity
riello-ups CWE-89
critical
9.8
2024-09-25 CVE-2024-8878 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Riello-Ups Netman 204 Firmware 02.05
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05.
network
low complexity
riello-ups CWE-640
critical
9.8