Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-21 | CVE-2024-51151 | Command Injection vulnerability in Dlink Di-8200 Firmware 16.07.26A1 D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. | 9.8 |
| 2024-11-20 | CVE-2024-52677 | Unrestricted Upload of File with Dangerous Type vulnerability in Hkcms 2.3.0.230709 HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. | 9.8 |
| 2024-11-20 | CVE-2024-52765 | Unspecified vulnerability in H3C Gr-1800Ax Firmware Minigrw1B0V100R007 H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. | 9.8 |
| 2024-11-20 | CVE-2018-9478 | Out-of-bounds Write vulnerability in Google Android In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. | 9.8 |
| 2024-11-20 | CVE-2018-9479 | Out-of-bounds Write vulnerability in Google Android In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. | 9.8 |
| 2024-11-20 | CVE-2018-9467 | Unspecified vulnerability in Google Android In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. | 9.8 |
| 2024-11-19 | CVE-2024-52360 | Unspecified vulnerability in IBM Concert Software IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. | 9.8 |
| 2024-11-19 | CVE-2024-52714 | Classic Buffer Overflow vulnerability in Tenda AC6 Firmware 15.03.06.50Multi Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. | 9.8 |
| 2024-11-19 | CVE-2024-52759 | Classic Buffer Overflow vulnerability in Dlink Di-8003 Firmware 16.07.16A1 D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. | 9.8 |
| 2024-11-19 | CVE-2024-11036 | Unspecified vulnerability in Gamipress The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. | 9.8 |