Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-16 | CVE-2024-46451 | Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220 TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | 9.8 |
| 2024-09-16 | CVE-2024-22399 | Unspecified vulnerability in Apache Seata Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue. | 9.8 |
| 2024-09-16 | CVE-2024-45694 | Stack-based Buffer Overflow vulnerability in Dlink Dir-X4860 Firmware and Dir-X5460 Firmware The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | 9.8 |
| 2024-09-16 | CVE-2024-45695 | Out-of-bounds Write vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. | 9.8 |
| 2024-09-16 | CVE-2024-45697 | Hidden Functionality vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. | 9.8 |
| 2024-09-16 | CVE-2024-45698 | Use of Hard-coded Credentials vulnerability in Dlink Dir-X4860 Firmware 1.00/1.04 Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | 9.8 |
| 2024-09-16 | CVE-2024-46958 | Unspecified vulnerability in Nextcloud Desktop 3.13.1/3.13.2/3.13.3 In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. | 9.1 |
| 2024-09-16 | CVE-2024-8880 | Code Injection vulnerability in Playsms A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. | 9.8 |
| 2024-09-15 | CVE-2024-8875 | Path Traversal vulnerability in Wcms A vulnerability classified as critical was found in vedees wcms up to 0.3.2. | 9.1 |
| 2024-09-15 | CVE-2024-8868 | SQL Injection vulnerability in Code-Projects Crud Operation System 1.0 A vulnerability was found in code-projects Crud Operation System 1.0. | 9.8 |