Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-34657 Out-of-bounds Write vulnerability in Samsung Notes
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.
network
low complexity
samsung CWE-787
critical
9.8
2024-09-04 CVE-2024-6926 SQL Injection vulnerability in Wow-Company Viral Signup
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
network
low complexity
wow-company CWE-89
critical
9.8
2024-09-04 CVE-2024-45443 Path Traversal vulnerability in Huawei Emui and Harmonyos
Directory traversal vulnerability in the cust module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
network
low complexity
huawei CWE-22
critical
9.1
2024-09-04 CVE-2024-7950 Missing Authorization vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function.
network
low complexity
wpjobportal CWE-862
critical
9.8
2024-09-03 CVE-2024-45390 Code Injection vulnerability in Blakeembrey Template
@blakeembrey/template is a string template library.
network
low complexity
blakeembrey CWE-94
critical
9.8
2024-09-03 CVE-2024-45307 Missing Authorization vulnerability in Onesoftnet Sudobot
SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7.
network
low complexity
onesoftnet CWE-862
critical
9.8
2024-09-03 CVE-2024-7345 Code Injection vulnerability in Progress Openedge
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms.
low complexity
progress CWE-94
critical
9.6
2024-09-03 CVE-2024-4259 Unspecified vulnerability in Sambas Akos 20240902
Improper Privilege Management vulnerability in SAMPAS Holding AKOS allows Collect Data as Provided by Users. This issue affects AKOS: through 20240902. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
network
low complexity
sambas
critical
9.8
2024-09-03 CVE-2024-8381 Type Confusion vulnerability in Mozilla Firefox ESR
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment.
network
low complexity
mozilla CWE-843
critical
9.8
2024-09-03 CVE-2024-8384 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes.
network
low complexity
mozilla CWE-787
critical
9.8