High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| academy_lms — academy_lms | Missing Authorization vulnerability in Academy LMS. This issue affects Academy LMS: from n/a through 1.9.16. | 2024-05-06 | 7.1 | CVE-2024-33912 |
| brevo_for_woocommerce — sendinblue_for_woocommerce | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Brevo for WooCommerce Sendinblue for WooCommerce. This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. | 2024-05-06 | 8.5 | CVE-2024-32807 |
| brocade — brocade_sannav | The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database. | 2024-05-08 | 7.8 | CVE-2024-2860 |
| codesys — codesys_development_system_v2.3 | An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability. | 2024-05-06 | 7.8 | CVE-2023-49675 |
| delta_electronics — diaenergie | A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a ‘RecalculateScript’ message, which is split into 4 fields using the ‘~’ character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | 2024-05-06 | 9.8 | CVE-2024-4547 |
| delta_electronics — diaenergie | An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a ‘RecalculateHDMWYC’ message, which is split into 4 fields using the ‘~’ character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | 2024-05-06 | 9.8 | CVE-2024-4548 |
| delta_electronics — diaenergie | A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an ‘ICS Restart!’ message, CEBC.exe restarts the system. | 2024-05-06 | 7.5 | CVE-2024-4549 |
| denoland — deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading `/proc/self/environ` may provide access equivalent to `--allow-env`, and writing `/proc/self/mem` may provide access equivalent to `--allow-all`. Users who grant read and write access to the entire filesystem may not reali | | | |