Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2024-11237 | Out-of-bounds Write vulnerability in Tp-Link Vn020-F3V(T) Firmware Ttv6.2.1021 A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. | 9.8 |
| 2024-11-15 | CVE-2021-3838 | Unspecified vulnerability in Dompdf Project Dompdf DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. | 9.8 |
| 2024-11-15 | CVE-2021-3902 | Unspecified vulnerability in Dompdf Project Dompdf An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. | 9.8 |
| 2024-11-15 | CVE-2022-1884 | Command Injection vulnerability in Gogs A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. | 9.8 |
| 2024-11-15 | CVE-2024-10443 | Command Injection vulnerability in Synology Beephotos and Photos Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2024-11-15 | CVE-2024-10534 | Unspecified vulnerability in Dataprom Personnel Attendance Control Systems / Access Control Security Systems Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024. | 9.8 |
| 2024-11-15 | CVE-2024-10924 | Missing Authentication for Critical Function vulnerability in Really-Simple-Plugins Really Simple Security The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. | 9.8 |
| 2024-11-14 | CVE-2024-52308 | Unspecified vulnerability in Github CLI The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. | 9.6 |
| 2024-11-14 | CVE-2024-50823 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | 9.8 |
| 2024-11-14 | CVE-2024-50833 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. | 9.8 |