Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-06 | CVE-2024-44402 | Command Injection vulnerability in Dlink Di-8100G Firmware 17.12.20A1 D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. | 9.8 |
| 2024-09-06 | CVE-2024-8517 | Unspecified vulnerability in Spip SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. | 9.8 |
| 2024-09-06 | CVE-2024-7493 | Unspecified vulnerability in Wpcom Member The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. | 9.8 |
| 2024-09-06 | CVE-2024-8292 | Authorization Bypass Through User-Controlled Key vulnerability in Plechevandrey Wp-Recall The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. | 9.8 |
| 2024-09-05 | CVE-2024-8395 | SQL Injection vulnerability in Flycass FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. | 9.8 |
| 2024-09-05 | CVE-2024-45159 | Improper Certificate Validation vulnerability in ARM Mbed TLS An issue was discovered in Mbed TLS 3.x before 3.6.1. | 9.8 |
| 2024-09-05 | CVE-2024-24759 | Server-Side Request Forgery (SSRF) vulnerability in Mindsdb MindsDB is a platform for building artificial intelligence from enterprise data. | 9.1 |
| 2024-09-05 | CVE-2024-44727 | SQL Injection vulnerability in Angeljudesuarez Event Management System 1.0 Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php. | 9.8 |
| 2024-09-05 | CVE-2024-43102 | Use After Free vulnerability in Freebsd Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape. | 10.0 |
| 2024-09-04 | CVE-2024-8416 | SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0 A vulnerability was found in SourceCodester Food Ordering Management System 1.0. | 9.8 |