Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-07 | CVE-2024-40711 | Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 12.0.0.1420 A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | 9.8 |
| 2024-09-06 | CVE-2024-44401 | Command Injection vulnerability in Dlink Di-8100G Firmware 17.12.20A1 D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file | 9.8 |
| 2024-09-06 | CVE-2024-44402 | Command Injection vulnerability in Dlink Di-8100G Firmware 17.12.20A1 D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. | 9.8 |
| 2024-09-06 | CVE-2024-8517 | Unspecified vulnerability in Spip SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. | 9.8 |
| 2024-09-06 | CVE-2024-7493 | Unspecified vulnerability in Wpcom Member The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. | 9.8 |
| 2024-09-06 | CVE-2024-8292 | Authorization Bypass Through User-Controlled Key vulnerability in Plechevandrey Wp-Recall The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. | 9.8 |
| 2024-09-05 | CVE-2024-8395 | SQL Injection vulnerability in Flycass FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. | 9.8 |
| 2024-09-05 | CVE-2024-45159 | Improper Certificate Validation vulnerability in ARM Mbed TLS An issue was discovered in Mbed TLS 3.x before 3.6.1. | 9.8 |
| 2024-09-05 | CVE-2024-24759 | Server-Side Request Forgery (SSRF) vulnerability in Mindsdb MindsDB is a platform for building artificial intelligence from enterprise data. | 9.1 |
| 2024-09-05 | CVE-2024-44727 | SQL Injection vulnerability in Angeljudesuarez Event Management System 1.0 Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php. | 9.8 |