Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-8211 | OS Command Injection vulnerability in Dlink products A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. | 9.8 |
| 2024-08-27 | CVE-2024-36068 | Unspecified vulnerability in Rubrik Cloud Data Management An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. | 9.8 |
| 2024-08-27 | CVE-2024-7720 | Unspecified vulnerability in HP Security Manager 3.11 HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. | 9.8 |
| 2024-08-27 | CVE-2024-41622 | OS Command Injection vulnerability in Dlink Dir-846W Firmware Fw100A43 D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. | 9.8 |
| 2024-08-27 | CVE-2024-44341 | OS Command Injection vulnerability in Dlink Dir-846W Firmware Fw100A43 D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. | 9.8 |
| 2024-08-27 | CVE-2024-44342 | OS Command Injection vulnerability in Dlink Dir-846W Firmware Fw100A43 D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. | 9.8 |
| 2024-08-27 | CVE-2024-6633 | Use of Hard-coded Credentials vulnerability in Fortra Filecatalyst Workflow The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. | 9.8 |
| 2024-08-27 | CVE-2024-7071 | SQL Injection vulnerability in Brainlowcode Brain Low-Code Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. | 9.8 |
| 2024-08-27 | CVE-2024-7940 | Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada X Sys600 The product exposes a service that is intended for local only to all network interfaces without any authentication. | 9.8 |
| 2024-08-27 | CVE-2024-41174 | Cross-site Scripting vulnerability in Beckhoff IPC Diagnostics Package and Twincat/Bsd The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker. | 9.0 |