Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-22 CVE-2024-8807 Unspecified vulnerability in Cohesive Vns3
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability.
network
low complexity
cohesive
critical
9.8
2024-11-22 CVE-2023-51638 Unspecified vulnerability in Alltena Allegra
Allegra Hard-coded Credentials Authentication Bypass Vulnerability.
network
low complexity
alltena
critical
9.8
2024-11-22 CVE-2023-51639 Unspecified vulnerability in Alltena Allegra
Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability.
network
low complexity
alltena
critical
9.8
2024-11-22 CVE-2024-53438 SQL Injection vulnerability in Churchcrm 5.7.0
EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection.
network
low complexity
churchcrm CWE-89
critical
9.8
2024-11-22 CVE-2021-38135 Unspecified vulnerability in Microfocus Imanager
Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.
network
low complexity
microfocus
critical
9.8
2024-11-22 CVE-2023-24466 Unspecified vulnerability in Microfocus Imanager
Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus
critical
9.8
2024-11-22 CVE-2023-24467 Unspecified vulnerability in Microfocus Imanager
Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
network
low complexity
microfocus
critical
9.8
2024-11-22 CVE-2024-52723 OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.1041B20240224
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering.
network
low complexity
totolink CWE-78
critical
9.8
2024-11-22 CVE-2024-41779 IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition.
network
low complexity
CWE-367
critical
9.8
2024-11-21 CVE-2024-52053 Unspecified vulnerability in Wowza Streaming Engine
Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts.
network
low complexity
wowza
critical
9.6