Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-4259 Unspecified vulnerability in Sambas Akos 20240902
Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS allows Collect Data as Provided by Users. This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
sambas
critical
9.8
2024-09-03 CVE-2024-8381 Type Confusion vulnerability in Mozilla Firefox ESR
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment.
network
low complexity
mozilla CWE-843
critical
9.8
2024-09-03 CVE-2024-8384 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes.
network
low complexity
mozilla CWE-787
critical
9.8
2024-09-03 CVE-2024-8385 Type Confusion vulnerability in Mozilla Firefox
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability.
network
low complexity
mozilla CWE-843
critical
9.8
2024-09-03 CVE-2024-8387 Out-of-bounds Write vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1.
network
low complexity
mozilla CWE-787
critical
9.8
2024-09-03 CVE-2024-8389 Out-of-bounds Write vulnerability in Mozilla Firefox 129.0
Memory safety bugs present in Firefox 129.
network
low complexity
mozilla CWE-787
critical
9.8
2024-09-03 CVE-2024-44921 SQL Injection vulnerability in Seacms 12.9
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.
network
low complexity
seacms CWE-89
critical
9.8
2024-09-03 CVE-2024-7261 OS Command Injection vulnerability in Zyxel products
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device.
network
low complexity
zyxel CWE-78
critical
9.8
2024-09-03 CVE-2024-8380 SQL Injection vulnerability in Rems Contact Manager With Export to VCF 1.0
A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0.
network
low complexity
rems CWE-89
critical
9.8
2024-09-02 CVE-2024-6919 SQL Injection vulnerability in NAC Nacpremium
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc.
network
low complexity
nac CWE-89
critical
9.8