Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-38194 Unspecified vulnerability in Microsoft Azure web Apps
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
network
low complexity
microsoft
critical
 9.9
9.9
2024-09-10 CVE-2024-38216 Unspecified vulnerability in Microsoft Azure Stack HUB
Azure Stack Hub Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
 9.0
9.0
2024-09-10 CVE-2024-38220 Unspecified vulnerability in Microsoft Azure Stack HUB
Azure Stack Hub Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
 9.0
9.0
2024-09-10 CVE-2024-38225 Unspecified vulnerability in Microsoft Dynamics 365 Business Central 2023/2024
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8
2024-09-10 CVE-2024-38240 Unspecified vulnerability in Microsoft products
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8
2024-09-10 CVE-2024-43455 Unspecified vulnerability in Microsoft products
Windows Remote Desktop Licensing Service Spoofing Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8
2024-09-10 CVE-2024-43491 Unspecified vulnerability in Microsoft Windows 10 1507
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015).
network
low complexity
microsoft
critical
 9.8
9.8
2024-09-10 CVE-2023-36103 Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.20
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2024-09-10 CVE-2023-37234 Unspecified vulnerability in Loftware Spectrum
Loftware Spectrum through 4.6 has unprotected JMX Registry.
network
low complexity
loftware
critical
 9.8
9.8
2024-09-10 CVE-2024-44677 Server-Side Request Forgery (SSRF) vulnerability in Eladmin 2.7
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.
network
low complexity
eladmin CWE-918
critical
 9.8
9.8