Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-20 CVE-2024-1297 Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
network
low complexity
CWE-94
critical
 10.0
10
2024-02-20 CVE-2024-1644 Suite CRM version 7.14.2 allows including local php files.
network
low complexity
CWE-434
critical
 9.9
9.9
2024-02-20 CVE-2024-1651 Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.
network
low complexity
CWE-502
critical
 10.0
10
2024-02-19 CVE-2024-1597 SQL Injection vulnerability in multiple products
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE.
network
low complexity
postgresql fedoraproject CWE-89
critical
 9.8
9.8
2024-02-15 CVE-2023-40057 Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability.
low complexity
solarwinds CWE-502
critical
 9.0
9.0
2024-02-15 CVE-2024-23476 Path Traversal vulnerability in Solarwinds Access Rights Manager
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability.
low complexity
solarwinds CWE-22
critical
 9.6
9.6
2024-02-15 CVE-2024-23477 Path Traversal vulnerability in Solarwinds Access Rights Manager
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability.
low complexity
solarwinds CWE-22
critical
 9.6
9.6
2024-02-15 CVE-2024-23479 Path Traversal vulnerability in Solarwinds Access Rights Manager
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability.
low complexity
solarwinds CWE-22
critical
 9.6
9.6
2024-02-15 CVE-2023-5155 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.This issue affects SoliPay Mobile App: before 5.0.8.
network
low complexity
CWE-89
critical
 9.8
9.8
2024-02-15 CVE-2023-7081 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSIL Online Payment System allows SQL Injection.This issue affects Online Payment System: before 14.02.2024.
network
low complexity
CWE-89
critical
 9.8
9.8