Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-16 | CVE-2024-7098 | XXE vulnerability in SFS Winsure Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2. | 9.8 |
| 2024-09-16 | CVE-2024-7104 | Code Injection vulnerability in SFS Winsure Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2. | 9.8 |
| 2024-09-16 | CVE-2024-46419 | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. | 9.8 |
| 2024-09-16 | CVE-2024-46451 | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | 9.8 |
| 2024-09-16 | CVE-2024-22399 | Deserialization of Untrusted Data vulnerability in Apache Seata Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue. | 9.8 |
| 2024-09-16 | CVE-2024-45694 | Stack-based Buffer Overflow vulnerability in Dlink Dir-X4860 Firmware and Dir-X5460 Firmware The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | 9.8 |
| 2024-09-16 | CVE-2024-45695 | Out-of-bounds Write vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | 9.8 |
| 2024-09-16 | CVE-2024-45697 | Hidden Functionality vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. | 9.8 |
| 2024-09-16 | CVE-2024-45698 | Use of Hard-coded Credentials vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | 9.8 |
| 2024-09-16 | CVE-2024-46958 | Unspecified vulnerability in Nextcloud Desktop 3.13.1/3.13.2/3.13.3 In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. | 9.1 |