Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-25 | CVE-2024-6593 | Incorrect Authorization vulnerability in Watchguard Authentication Gateway Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2. | 9.1 |
2024-09-25 | CVE-2024-8275 | SQL Injection vulnerability in Stellarwp the Events Calendar The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-09-25 | CVE-2024-8485 | Authorization Bypass Through User-Controlled Key vulnerability in Jianbo Rest API to Miniprogram The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. | 9.8 |
2024-09-25 | CVE-2024-43423 | Use of Hard-coded Credentials vulnerability in Doverfuelingsolutions products The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | 9.8 |
2024-09-25 | CVE-2024-43692 | Unspecified vulnerability in Doverfuelingsolutions products An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. | 9.8 |
2024-09-25 | CVE-2024-43693 | Command Injection vulnerability in Doverfuelingsolutions products A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
2024-09-25 | CVE-2024-45066 | Command Injection vulnerability in Doverfuelingsolutions products A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 |
2024-09-25 | CVE-2024-8436 | The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.9 |
2024-09-25 | CVE-2024-8877 | SQL Injection vulnerability in Riello-Ups Netman 204 Firmware 02.05 Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. | 9.8 |
2024-09-25 | CVE-2024-8878 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Riello-Ups Netman 204 Firmware 02.05 The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05. | 9.8 |