Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2024-7500 | Unrestricted Upload of File with Dangerous Type vulnerability in Angeljudesuarez Airline Reservation System 1.0 A vulnerability was found in itsourcecode Airline Reservation System 1.0. | 9.8 |
| 2024-08-06 | CVE-2024-7505 | SQL Injection vulnerability in Rainniar Bike Delivery System 1.0 A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. | 9.8 |
| 2024-08-06 | CVE-2024-7498 | SQL Injection vulnerability in Angeljudesuarez Airline Reservation System 1.0 A vulnerability was found in itsourcecode Airline Reservation System 1.0. | 9.8 |
| 2024-08-06 | CVE-2024-7499 | SQL Injection vulnerability in Angeljudesuarez Airline Reservation System 1.0 A vulnerability was found in itsourcecode Airline Reservation System 1.0. | 9.8 |
| 2024-08-06 | CVE-2024-7495 | Unrestricted Upload of File with Dangerous Type vulnerability in Itsourcecode Laravel Accounting System 1.0 A vulnerability, which was classified as critical, was found in itsourcecode Laravel Accounting System 1.0. | 9.8 |
| 2024-08-05 | CVE-2024-7494 | SQL Injection vulnerability in Oretnom23 Clinic'S Patient Management System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. | 9.8 |
| 2024-08-05 | CVE-2024-42008 | Cross-site Scripting vulnerability in Roundcube Webmail A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header. | 9.3 |
| 2024-08-05 | CVE-2024-42009 | Cross-site Scripting vulnerability in Roundcube Webmail A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. | 9.3 |
| 2024-08-05 | CVE-2024-38856 | Unspecified vulnerability in Apache Ofbiz Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). | 9.8 |
| 2024-08-05 | CVE-2024-42447 | Unspecified vulnerability in Apache Apache-Airflow-Providers-Fab 1.2.0/1.2.1 Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. | 9.8 |