Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2024-10118 SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality.
network
low complexity
CWE-78
critical
9.8
2024-10-17 CVE-2024-43566 Unspecified vulnerability in Microsoft Edge Chromium
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
9.8
2024-10-17 CVE-2024-49217 Unspecified vulnerability in Madirisalmanaashish Adding Drop Down Roles in Registration
Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1.
network
low complexity
madirisalmanaashish
critical
9.8
2024-10-17 CVE-2005-10003 OS Command Injection vulnerability in Mikexstudios Xcomic
A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2.
network
low complexity
mikexstudios CWE-78
critical
9.8
2024-10-17 CVE-2024-9862 Authorization Bypass Through User-Controlled Key vulnerability in Miniorange OTP Verification With Firebase
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0.
network
low complexity
miniorange CWE-639
critical
9.8
2024-10-17 CVE-2024-9863 The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option.
network
low complexity
CWE-266
critical
9.8
2024-10-16 CVE-2024-9893 The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14.
network
low complexity
CWE-288
critical
9.8
2024-10-16 CVE-2024-10021 SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability was found in code-projects Pharmacy Management System 1.0.
network
low complexity
code-projects CWE-89
critical
9.8
2024-10-16 CVE-2024-10022 SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0.
network
low complexity
code-projects CWE-89
critical
9.8
2024-10-16 CVE-2016-15042 Unrestricted Upload of File with Dangerous Type vulnerability in Najeebmedia Frontend File Manager and Post Front-End Form
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions.
network
low complexity
najeebmedia CWE-434
critical
9.8