Latest critical severity Vulnerabilities

● CVE-2024-41120

streamlit-geospatial blind SSRF in pages/9_🔲_Vector_Data_Visualization.py

● CVE-2024-41119

streamlit-geospatial remote code execution in pages/8_🏜️_Raster_Data_Visualization.py

● CVE-2024-41117

Remote code execution in streamlit geospatial in pages/10_🌍_Earth_Engine_Datasets.py

● CVE-2024-41116

Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option vis_params

● CVE-2024-41115

Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Ocean Color SMI option palette

● CVE-2024-41114

Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option

● CVE-2024-41113

Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option vis_params

● CVE-2024-41112

Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py Any Earth Engine ImageCollection option palette

● CVE-2024-24622

Softaculous Webuzo Password Reset Command Injection

● CVE-2024-24623

Softaculous Webuzo FTP Management Command Injection

● CVE-2024-24621

Softaculous Webuzo Authentication Bypass

● GHSA-p528-3mvf-gr87

In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file s...

maven/org.springframework.cloud:spring-cloud-skipper<2.11.4

● CVE-2024-39671

Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Huawei Emui=14.0.0

Huawei Harmonyos=4.0.0

Huawei Harmonyos=4.2.0

● CVE-2024-37084

Remote code execution in Spring Cloud Data Flow

maven/org.springframework.cloud:spring-cloud-skipper<2.11.4

● CVE-2024-7081

itsourcecode Tailoring Management System expcatadd.php sql injection

Tailoring Management System Project Tailoring Management System=1.0

● CVE-2024-41110

Moby authz zero length regression

● CVE-2024-41914

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an a...

Arubanetworks Edgeconnect Sd-wan Orchestrator>=9.1.0<=9.1.9

Arubanetworks Edgeconnect Sd-wan Orchestrator>=9.2.0<=9.2.9

Arubanetworks Edgeconnect Sd-wan Orchestrator>=9.3.0<=9.3.2

Arubanetworks Edgeconnect Sd-wan Orchestrator>=9.4.0<=9.4.1

● CVE-2023-45249

Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build...

Acronis Cyber Infrastructure<5.0.1-61

Acronis Cyber Infrastructure>=5.1.1<5.1.1-71

Acronis Cyber Infrastructure>=5.2.1<5.2.1-69

Acronis Cyber Infrastructure>=5.3.1<5.3.1-53

Acronis Cyber Infrastructure>=5.4.4<5.4.4-132

● CVE-2024-6096

Unsafe Deserialization Vulnerability

Progress Telerik Reporting<18.1.24.709

● CVE-2024-6327

Progress Telerik Report Server Deserialization

Progress Telerik Report Server<10.1.24.709

● CVE-2024-41551

CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .

CampCodes Supplier Management System=1.0

● CVE-2024-41461

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.

Tendacn Fh1201 Firmware=1.2.0.14

Tendacn Fh1201

● CVE-2024-40422

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traver...

stitionai devika=1.0

● CVE-2024-41459

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.

Tendacn Fh1201 Firmware=1.2.0.14

Tendacn Fh1201

● CVE-2024-41460

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic.

Tendacn Fh1201 Firmware=1.2.0.14

Tendacn Fh1201

● CVE-2024-38164

GroupMe Elevation of Privilege Vulnerability

Microsoft GroupMe

● CVE-2024-41319

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.

Totolink A6000r Firmware=1.0.1-b20201211.2000

TOTOLINK A6000R

● CVE-2024-6806

Missing Authorization Checks In NI VeriStand Gateway For Project Resources

● CVE-2024-6913

Execution with Unnecessary Privileges

● CVE-2024-6912

Hardcoded MSSQL Credentials

● CVE-2024-6794

Deserialization of Untrusted Data in NI VeriStand Waveform Streaming Server

● CVE-2024-6793

Deserialization of Untrusted Data in NI VeriStand DataLogging Server

● GHSA-9gq7-p5w9-w899

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send maliciou...

pip/anki<24.06

● CVE-2024-39686

fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py bert_gen function

● CVE-2024-39685

fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py resample function

● CVE-2024-26020

pip/anki<24.06

● CVE-2024-21552

All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary...

● CVE-2024-37998

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affect...

● CVE-2024-38773

WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability

● CVE-2024-6970

itsourcecode Tailoring Management System staffcatadd.php sql injection

Tailoring Management System Project Tailoring Management System=1.0

● CVE-2024-6966

itsourcecode Online Blood Bank Management System Login login.php sql injection

Online Blood Bank Management System Project Online Blood Bank Management System=1.0

● CVE-2024-6965

Tenda O3 fromVirtualSet stack-based overflow

Tenda O3 Firmware1.0.0.10\(2478\)

Tenda O3=2.0

● CVE-2024-6964

Tenda O3 fromDhcpSetSer stack-based overflow

Tenda O3 Firmware1.0.0.10\(2478\)

Tenda O3=2.0

● CVE-2024-6963

Tenda O3 formexeCommand stack-based overflow

Tenda O3 Firmware1.0.0.10\(2478\)

Tenda O3=2.0

● CVE-2024-37391

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.

Proton Protonvpn<3.2.10

Microsoft Windows

● CVE-2024-41703

LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.)

Librechat Librechat<=0.7.3

Librechat Librechat=0.7.4-rc1

● CVE-2024-41704

LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.)

Librechat Librechat<=0.7.3

Librechat Librechat=0.7.4-rc1

● CVE-2024-6962

Tenda O3 formQosSet stack-based overflow