Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-09-04 | CVE-2024-8415 | SQL Injection vulnerability in Oretnom23 Food Ordering Management System 1.0 | A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as critical. | 9.8 |
2024-09-04 | CVE-2024-45076 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Webmethods Integration 10.15 | IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. | 9.9 |
2024-09-04 | CVE-2024-7076 | SQL Injection vulnerability in Semtekyazilim Semtek Sempos | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. | 9.8 |
2024-09-04 | CVE-2024-7078 | SQL Injection vulnerability in Semtekyazilim Semtek Sempos | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. | 9.8 |
2024-09-04 | CVE-2024-7012 | Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15 | An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. | 9.8 |
2024-09-04 | CVE-2024-7923 | Unspecified vulnerability in Redhat Satellite 6.13/6.14/6.15 | An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. | 9.8 |
2024-09-04 | CVE-2024-8408 | Out-of-bounds Write vulnerability in Linksys Wrt54G Firmware 4.21.5 | A vulnerability was found in Linksys WRT54G 4.21.5. | 9.8 |
2024-09-04 | CVE-2024-44400 | Command Injection vulnerability in Dlink Di-8400 Firmware 16.07.26A1 | A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. | 9.8 |
2024-09-04 | CVE-2024-45507 | Unspecified vulnerability in Apache Ofbiz | Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 9.8 |
2024-09-04 | CVE-2024-8289 | Missing Authorization vulnerability in Multivendorx | The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0. | 9.8 |