Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-6917 OS Command Injection vulnerability in Veribase Order Management
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects Veribase Order Management: before v4.010.2.
network
low complexity
veribase CWE-78
critical
9.8
2024-08-12 CVE-2024-21876 Path Traversal vulnerability in Enphase IQ Gateway Firmware
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unauthenticated attacker to access or create arbitrary files. This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
network
low complexity
enphase CWE-22
critical
9.1
2024-08-12 CVE-2024-21878 OS Command Injection vulnerability in Enphase IQ Gateway Firmware
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.
network
low complexity
enphase CWE-78
critical
9.8
2024-08-12 CVE-2024-37023 Command Injection vulnerability in Vonets products
Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters.
network
low complexity
vonets CWE-77
critical
9.9
2024-08-12 CVE-2024-38219 Type Confusion vulnerability in Microsoft Edge Chromium
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
network
high complexity
microsoft CWE-843
critical
9.0
2024-08-12 CVE-2024-39791 Out-of-bounds Write vulnerability in Vonets products
Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.
network
low complexity
vonets CWE-787
critical
9.8
2024-08-12 CVE-2024-40472 SQL Injection vulnerability in Rems Daily Calories Monitoring Tool 1.0
Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL Injection via "delete-calorie.php".
network
low complexity
rems CWE-89
critical
9.8
2024-08-12 CVE-2024-40480 Unspecified vulnerability in Jayesh Online Exam System 1.0
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.
network
low complexity
jayesh
critical
9.8
2024-08-12 CVE-2024-41570 Server-Side Request Forgery (SSRF) vulnerability in Havocframework Havoc
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
network
low complexity
havocframework CWE-918
critical
9.8
2024-08-12 CVE-2024-42001 Forced Browsing vulnerability in Vonets products
An improper authentication vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior enables an unauthenticated remote attacker to bypass authentication via a specially crafted direct request when another user has an active session.
network
low complexity
vonets CWE-425
critical
9.8