Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-8415 SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0
A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as critical.
network
low complexity
oretnom23 CWE-89
critical
9.8
2024-09-04 CVE-2024-45076 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Webmethods Integration 10.15
IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system.
network
low complexity
ibm CWE-434
critical
9.9
2024-09-04 CVE-2024-7076 SQL Injection vulnerability in Semtekyazilim Semtek Sempos
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc.
network
low complexity
semtekyazilim CWE-89
critical
9.8
2024-09-04 CVE-2024-7078 SQL Injection vulnerability in Semtekyazilim Semtek Sempos
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc.
network
low complexity
semtekyazilim CWE-89
critical
9.8
2024-09-04 CVE-2024-7012 Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration.
network
low complexity
redhat CWE-287
critical
9.8
2024-09-04 CVE-2024-7923 Unspecified vulnerability in Redhat Satellite 6.13/6.14/6.15
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration.
network
low complexity
redhat
critical
9.8
2024-09-04 CVE-2024-8408 Out-of-bounds Write vulnerability in Linksys Wrt54G Firmware 4.21.5
A vulnerability was found in Linksys WRT54G 4.21.5.
network
low complexity
linksys CWE-787
critical
9.8
2024-09-04 CVE-2024-44400 Command Injection vulnerability in Dlink Di-8400 Firmware 16.07.26A1
A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical.
network
low complexity
dlink CWE-77
critical
9.8
2024-09-04 CVE-2024-45507 Unspecified vulnerability in Apache Ofbiz
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
network
low complexity
apache
critical
9.8
2024-09-04 CVE-2024-8289 Missing Authorization vulnerability in Multivendorx
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0.
network
low complexity
multivendorx CWE-862
critical
9.8