Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2024-08-20 | CVE-2024-6800 | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server | An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. | network | low complexity | github | CWE-347 | critical | 9.8 |
| 2024-08-20 | CVE-2024-38175 | An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. | | network | low complexity | | CWE-284 | critical | 9.6 |
| 2024-08-20 | CVE-2024-30949 | Integer Overflow or Wraparound vulnerability in Newlib Project Newlib 4.3.0 | An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. | network | low complexity | newlib-project | CWE-190 | critical | 9.8 |
| 2024-08-20 | CVE-2024-35540 | Cross-site Scripting vulnerability in Typecho | A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | network | low complexity | typecho | CWE-79 | critical | 9.0 |
| 2024-08-20 | CVE-2024-43404 | Code Injection vulnerability in Megacord Megabot | MEGABOT is a fully customized Discord bot for learning and fun. | network | low complexity | megacord | CWE-94 | critical | 9.8 |
| 2024-08-20 | CVE-2024-8003 | Deserialization of Untrusted Data vulnerability in Gotribe Gotribe-Admin 1.0 | A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. | network | low complexity | gotribe | CWE-502 | critical | 9.8 |
| 2024-08-20 | CVE-2024-8005 | Use of Hard-coded Credentials vulnerability in Demozx GF CMS | A vulnerability was found in demozx gf_cms 1.0/1.0.1. | network | low complexity | demozx | CWE-798 | critical | 9.8 |
| 2024-08-20 | CVE-2024-42336 | Improper Authentication vulnerability in Servision IVG Webmax 1.0.57 | Servision - CWE-287: Improper Authentication | network | low complexity | servision | CWE-287 | critical | 9.8 |
| 2024-08-20 | CVE-2024-42566 | SQL Injection vulnerability in Arajajyothibabu School Management System | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php. | network | low complexity | arajajyothibabu | CWE-89 | critical | 9.8 |
| 2024-08-20 | CVE-2024-42567 | SQL Injection vulnerability in Arajajyothibabu School Management System | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. | network | low complexity | arajajyothibabu | CWE-89 | critical | 9.8 |