Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-19 | CVE-2024-9004 | OS Command Injection vulnerability in Dlink Dar-7000 Firmware A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. | 9.8 |
| 2024-09-19 | CVE-2024-33109 | Path Traversal vulnerability in multiple products Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | 9.8 |
| 2024-09-19 | CVE-2024-40125 | Unrestricted Upload of File with Dangerous Type vulnerability in Closed-Loop Cless Server 4.5.2 An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. | 9.8 |
| 2024-09-19 | CVE-2024-8963 | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6 Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | 9.1 |
| 2024-09-19 | CVE-2024-31570 | Out-of-bounds Write vulnerability in Freeimage Project Freeimage libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. | 9.8 |
| 2024-09-19 | CVE-2024-47088 | Improper Restriction of Excessive Authentication Attempts vulnerability in Apexsoftcell LD DP Back Office and LD GEO This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. | 9.8 |
| 2024-09-18 | CVE-2024-46986 | Path Traversal vulnerability in Tuzitio Camaleon CMS Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. | 9.9 |
| 2024-09-18 | CVE-2024-34026 | Out-of-bounds Write vulnerability in Openplcproject Openplc V3 Firmware 20240404 A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. | 9.8 |
| 2024-09-18 | CVE-2024-8892 | Unspecified vulnerability in Circutor Tcp2Rs+ Firmware 1.3B Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. | 9.1 |
| 2024-09-18 | CVE-2024-8889 | Unspecified vulnerability in Circutor Tcp2Rs+ Firmware 1.3B Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. | 9.1 |