Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-27 CVE-2024-41622 OS Command Injection vulnerability in Dlink Dir-846W Firmware Fw100A43
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface.
network
low complexity
dlink CWE-78
critical
9.8
2024-08-27 CVE-2024-44341 OS Command Injection vulnerability in Dlink Dir-846W Firmware Fw100A43
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter.
network
low complexity
dlink CWE-78
critical
9.8
2024-08-27 CVE-2024-44342 OS Command Injection vulnerability in Dlink Dir-846W Firmware Fw100A43
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter.
network
low complexity
dlink CWE-78
critical
9.8
2024-08-27 CVE-2024-6633 Use of Hard-coded Credentials vulnerability in Fortra Filecatalyst Workflow
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article.
network
low complexity
fortra CWE-798
critical
9.8
2024-08-27 CVE-2024-7071 SQL Injection vulnerability in Brainlowcode Brain Low-Code
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc.
network
low complexity
brainlowcode CWE-89
critical
9.8
2024-08-27 CVE-2024-7940 Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada X Sys600
The product exposes a service that is intended for local only to all network interfaces without any authentication.
network
low complexity
hitachienergy CWE-306
critical
9.8
2024-08-27 CVE-2024-41174 Cross-site Scripting vulnerability in Beckhoff IPC Diagnostics Package and Twincat/Bsd
The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker.
network
low complexity
beckhoff CWE-79
critical
9.0
2024-08-26 CVE-2024-42913 SQL Injection vulnerability in Ruoyi 4.7.9
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
network
low complexity
ruoyi CWE-89
critical
9.8
2024-08-26 CVE-2024-45265 SQL Injection vulnerability in Skyss Arfa-Cms
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter.
network
low complexity
skyss CWE-89
critical
9.8
2024-08-26 CVE-2024-41444 SQL Injection vulnerability in Seacms 12.9
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.
network
low complexity
seacms CWE-89
critical
9.8