Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-10 | CVE-2024-39583 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Insightiq 5.0.1/5.1.0: Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. | 9.8 |
2024-09-10 | CVE-2024-6596 | Code Injection vulnerability in Endress products: An unauthenticated remote attacker can run malicious C# code included in curve files and execute commands in the user's context. | 9.8 |
2024-09-10 | CVE-2024-6342 | **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | 9.8 |
2024-09-09 | CVE-2024-44410 | Command Injection vulnerability in Dlink Di-8300 Firmware 16.07.26A1: D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. | 9.8 |
2024-09-09 | CVE-2024-8611 | SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0: A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. | 9.8 |
2024-09-09 | CVE-2024-44902 | Deserialization of Untrusted Data vulnerability in Thinkphp: A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | 9.8 |
2024-09-09 | CVE-2024-6795 | SQL Injection vulnerability in Baxter Connex Health Portal: In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or perform administrative operations including shutting down the database. | 9.8 |
2024-09-09 | CVE-2024-6796 | Unspecified vulnerability in Baxter Connex Health Portal: In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content. | 9.1 |
2024-09-09 | CVE-2024-40643 | Cross-site Scripting vulnerability in Joplin Project Joplin: Joplin is a free, open source note taking and to-do application. | 9.6 |
2024-09-09 | CVE-2024-7015 | Improper Authorization vulnerability in Profelis Passbox: Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2. | 9.8 |