Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-6342 **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
network
low complexity
CWE-78
critical
9.8
2024-09-09 CVE-2024-44410 Command Injection vulnerability in Dlink Di-8300 Firmware 16.07.26A1
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
network
low complexity
dlink CWE-77
critical
9.8
2024-09-09 CVE-2024-8611 SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0.
network
low complexity
angeljudesuarez CWE-89
critical
9.8
2024-09-09 CVE-2024-44902 Deserialization of Untrusted Data vulnerability in Thinkphp
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
network
low complexity
thinkphp CWE-502
critical
9.8
2024-09-09 CVE-2024-6795 SQL Injection vulnerability in Baxter Connex Health Portal
In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or the performance of administrative operations, including shutting down the database.
network
low complexity
baxter CWE-89
critical
9.8
2024-09-09 CVE-2024-6796 Unspecified vulnerability in Baxter Connex Health Portal
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content.
network
low complexity
baxter
critical
9.1
2024-09-09 CVE-2024-40643 Cross-site Scripting vulnerability in Joplin Project Joplin
Joplin is a free, open source note taking and to-do application.
network
low complexity
joplin-project CWE-79
critical
9.6
2024-09-09 CVE-2024-7015 Improper Authorization vulnerability in Profelis Passbox
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affects PassBox: before v1.2.
network
low complexity
profelis CWE-285
critical
9.8
2024-09-09 CVE-2024-8584 Unspecified vulnerability in Learningdigital Orca HCM
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing an unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.
network
low complexity
learningdigital
critical
9.8
2024-09-08 CVE-2024-8579 Classic Buffer Overflow vulnerability in Totolink T8 Firmware 4.1.5Cu.861B20230220
A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220.
network
low complexity
totolink CWE-120
critical
9.8