Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-07 | CVE-2024-47557 | Path Traversal vulnerability in Xerox Freeflow Core Pre-Auth RCE via Path Traversal | 9.8 |
| 2024-10-07 | CVE-2024-46446 | Path Traversal vulnerability in Mecha-Cms Mecha 3.0.0 Mecha CMS 3.0.0 is vulnerable to Directory Traversal. | 9.8 |
| 2024-10-07 | CVE-2024-33066 | Unspecified vulnerability in Qualcomm products Memory corruption while redirecting log file to any file location with any file name. | 9.8 |
| 2024-10-05 | CVE-2024-47849 | SQL Injection vulnerability in Mediawiki Cargo 3.6.0 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | 9.8 |
| 2024-10-04 | CVE-2024-43685 | Improper Authentication vulnerability in Microchip Timeprovider 4100 Firmware Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | 9.8 |
| 2024-10-04 | CVE-2024-47656 | Improper Restriction of Excessive Authentication Attempts vulnerability in Shilpisoft Client Dashboard This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. | 9.8 |
| 2024-10-03 | CVE-2024-43699 | SQL Injection vulnerability in Deltaww Diaenergie Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. | 9.8 |
| 2024-10-03 | CVE-2024-41593 | Out-of-bounds Write vulnerability in Draytek products DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. | 9.8 |
| 2024-10-03 | CVE-2024-7824 | Type Confusion vulnerability in Webroot Secureanywhere web Shield Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3. | 9.8 |
| 2024-10-03 | CVE-2024-7825 | Type Confusion vulnerability in Webroot Secureanywhere web Shield Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3. | 9.8 |