Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-07 | CVE-2024-7578 | Improper Authorization vulnerability in Alientechnology Alr-F800 Firmware A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. | 9.8 |
| 2024-08-07 | CVE-2024-36130 | Improper Authentication vulnerability in Ivanti Endpoint Manager Mobile An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. | 9.8 |
| 2024-08-06 | CVE-2024-41270 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Appleboy Gorush An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version. | 9.1 |
| 2024-08-06 | CVE-2024-28740 | Cross-site Scripting vulnerability in Koha Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. | 9.6 |
| 2024-08-06 | CVE-2024-42393 | Out-of-bounds Write vulnerability in multiple products There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. | 9.8 |
| 2024-08-06 | CVE-2024-42394 | Out-of-bounds Write vulnerability in multiple products There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. | 9.8 |
| 2024-08-06 | CVE-2024-42395 | Out-of-bounds Write vulnerability in multiple products There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. | 9.8 |
| 2024-08-06 | CVE-2024-39227 | Injection vulnerability in Gl-Inet products GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. | 9.8 |
| 2024-08-06 | CVE-2024-23483 | OS Command Injection vulnerability in Zscaler Client Connector An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. | 9.8 |
| 2024-08-06 | CVE-2024-39225 | Improper Restriction of Excessive Authentication Attempts vulnerability in Gl-Inet products GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. | 9.8 |