Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-03 | CVE-2024-8385 | Type Confusion vulnerability in Mozilla Firefox A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. | 9.8 |
| 2024-09-03 | CVE-2024-8387 | Out-of-bounds Write vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. | 9.8 |
| 2024-09-03 | CVE-2024-8389 | Out-of-bounds Write vulnerability in Mozilla Firefox 129.0 Memory safety bugs present in Firefox 129. | 9.8 |
| 2024-09-03 | CVE-2024-44921 | SQL Injection vulnerability in Seacms 12.9 SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | 9.8 |
| 2024-09-03 | CVE-2024-7261 | OS Command Injection vulnerability in Zyxel products The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware version 7.00(ACDO.1) and earlier, WBE530 firmware version 7.00(ACLE.1) and earlier, and USG LITE 60AX firmware version V2.00(ACIP.2) could allow an unauthenticated attacker to execute OS commands by sending a crafted cookie to a vulnerable device. | 9.8 |
| 2024-09-03 | CVE-2024-8380 | SQL Injection vulnerability in Rems Contact Manager With Export to VCF 1.0 A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. | 9.8 |
| 2024-09-02 | CVE-2024-6919 | SQL Injection vulnerability in NAC Nacpremium Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. | 9.8 |
| 2024-09-02 | CVE-2024-43772 | SQL Injection vulnerability in Easytest Online Test Platform SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter. | 9.8 |
| 2024-09-02 | CVE-2024-43773 | SQL Injection vulnerability in Easytest Online Test Platform SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter. | 9.8 |
| 2024-09-02 | CVE-2024-45522 | Unspecified vulnerability in Linen Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. | 9.8 |