Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-16 | CVE-2024-35338 | Use of Hard-coded Credentials vulnerability in Tendacn I29 Firmware 1.0.0.5: Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. | 9.8 |
2024-07-16 | CVE-2024-6457 | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘woof_author’ parameter in all versions up to, and including, 1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-07-15 | CVE-2024-6745 | SQL Injection vulnerability in Code-Projects Simple Ticket Booking 1.0: A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. | 9.8 |
2024-07-15 | CVE-2024-6743 | SQL Injection vulnerability in Space Management System Project Space Management System 202404093302: AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 9.8 |
2024-07-15 | CVE-2024-6744 | Out-of-bounds Write vulnerability in Cellopoint Secure Email Gateway: The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. | 9.8 |
2024-07-15 | CVE-2024-39736 | Improper Encoding or Escaping of Output vulnerability in IBM Datacap and Datacap Navigator: IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 9.8 |
2024-07-12 | CVE-2024-40539 | SQL Injection vulnerability in Codermy My-Springsecurity-Plus: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user. | 9.8 |
2024-07-12 | CVE-2024-40540 | SQL Injection vulnerability in Codermy My-Springsecurity-Plus: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept. | 9.8 |
2024-07-12 | CVE-2024-40541 | SQL Injection vulnerability in Codermy My-Springsecurity-Plus: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build. | 9.8 |
2024-07-12 | CVE-2024-40542 | SQL Injection vulnerability in Codermy My-Springsecurity-Plus: my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset. | 9.8 |