Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-12 | CVE-2024-7682 | SQL Injection vulnerability in Fabianros JOB Portal 1.0: A vulnerability was found in code-projects Job Portal 1.0. | 9.8 |
2024-08-08 | CVE-2024-41161 | Use of Hard-coded Credentials vulnerability in Vonets products: Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and WiFi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication using hard-coded administrator credentials. | 9.8 |
2024-08-08 | CVE-2024-42366 | Cross-site Scripting vulnerability in Vrcx-Team Vrcx: VRCX is an assistant/companion application for VRChat. | 9.0 |
2024-08-08 | CVE-2024-42355 | Code Injection vulnerability in Shopware: Shopware, an open ecommerce platform, has a new Twig Tag `sw_silent_feature_call` which silences deprecation messages while triggered in this tag. | 9.8 |
2024-08-08 | CVE-2024-42357 | SQL Injection vulnerability in Shopware: Shopware is an open commerce platform. | 9.8 |
2024-08-08 | CVE-2024-7490 | Classic Buffer Overflow vulnerability in Microchip Advanced Software Framework: Improper Input Validation vulnerability in Microchip Technology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. | 9.8 |
2024-08-08 | CVE-2024-42256 | Unspecified vulnerability in Linux Kernel 6.10/6.10.0: In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry. When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op before renegotiating credits; it then calls cifs_issue_write() which invokes smb2_async_writev() - which re-repicks the server. If a different server is then selected, this causes the increment of server->in_flight to happen against one record and the decrement to happen against another, leading to misaccounting. Fix this by just removing the repick code in smb2_async_writev(). | 9.8 |
2024-08-08 | CVE-2024-7350 | The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. | 9.8 |
2024-08-07 | CVE-2024-41912 | Unspecified vulnerability in HP Poly Clariti Manager Firmware: A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. | 9.8 |
2024-08-07 | CVE-2024-41237 | SQL Injection vulnerability in Lopalopa Responsive School Management System 3.2.0: A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. | 9.8 |