Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2024-29847 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | 9.8 |
| 2024-09-11 | CVE-2024-8692 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tduckcloud Tduckpro A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. | 9.8 |
| 2024-09-11 | CVE-2024-44466 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. | 9.8 |
| 2024-09-11 | CVE-2024-27112 | SQL Injection vulnerability in Soplanning A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. | 9.8 |
| 2024-09-11 | CVE-2024-27113 | Authorization Bypass Through User-Controlled Key vulnerability in Soplanning An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. | 9.8 |
| 2024-09-11 | CVE-2024-27114 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Soplanning A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. | 9.8 |
| 2024-09-11 | CVE-2024-27115 | Unrestricted Upload of File with Dangerous Type vulnerability in Soplanning A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. | 9.8 |
| 2024-09-11 | CVE-2024-45790 | Improper Restriction of Excessive Authentication Attempts vulnerability in Reedos Aim-Star 2.0.1 This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. | 9.8 |
| 2024-09-11 | CVE-2024-6091 | OS Command Injection vulnerability in Agpt Autogpt 0.5.1 A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. | 9.8 |
| 2024-09-11 | CVE-2024-8277 | Missing Authentication for Critical Function vulnerability in Villatheme Woocommerce Photo Reviews The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. | 9.8 |