Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-04 | CVE-2024-44400 | Command Injection vulnerability in Dlink Di-8400 Firmware 16.07.26A1: A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. | 9.8 |
2024-09-04 | CVE-2024-45507 | Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz: Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 9.8 |
2024-09-04 | CVE-2024-8289 | Missing Authorization vulnerability in Multivendorx: The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the `update_item_permissions_check` and `create_item_permissions_check` functions in all versions up to, and including, 4.2.0. | 9.8 |
2024-09-04 | CVE-2024-34657 | Out-of-bounds Write vulnerability in Samsung Notes: Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. | 9.8 |
2024-09-04 | CVE-2024-6926 | SQL Injection vulnerability in Wow-Company Viral Signup: The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 9.8 |
2024-09-04 | CVE-2024-45443 | Path Traversal vulnerability in Huawei Emui and Harmonyos: Directory traversal vulnerability in the cust module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 9.1 |
2024-09-04 | CVE-2024-7950 | Missing Authorization vulnerability in Wpjobportal WP JOB Portal: The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function. | 9.8 |
2024-09-03 | CVE-2024-45390 | Code Injection vulnerability in Blakeembrey Template: @blakeembrey/template is a string template library. | 9.8 |
2024-09-03 | CVE-2024-45307 | Missing Authorization vulnerability in Onesoftnet Sudobot: SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. | 9.8 |
2024-09-03 | CVE-2024-7345 | Code Injection vulnerability in Progress Openedge: Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms. | 9.6 |