Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-11-06 | CVE-2024-8615 | Unrestricted Upload of File with Dangerous Type vulnerability in Eyecix Jobsearch WP JOB Board | The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. | 9.8 |
2024-11-05 | CVE-2024-10844 | SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0 | A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. | 9.8 |
2024-11-05 | CVE-2024-10845 | SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0 | A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical. | 9.8 |
2024-11-05 | CVE-2024-10687 | SQL Injection vulnerability in Contest-Gallery Contest Gallery | The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-11-04 | CVE-2024-10791 | SQL Injection vulnerability in Codezips Hospital Appointment System 1.0 | A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. | 9.8 |
2024-11-04 | CVE-2024-10766 | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Free Exam Hall Seating Management System 1.0 | A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. | 9.8 |
2024-11-04 | CVE-2024-51327 | SQL Injection vulnerability in Projectworlds Travel Management System 1.0 | SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields. | 9.8 |
2024-11-04 | CVE-2024-51136 | XXE vulnerability in Openimaj 1.3.10 | An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file. | 9.8 |
2024-11-04 | CVE-2024-10764 | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0 | A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. | 9.8 |
2024-11-04 | CVE-2024-10765 | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0 | A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. | 9.8 |