Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-7971 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page.
network
low complexity
google microsoft CWE-843
critical
9.6
2024-08-21 CVE-2024-42777 Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0
An unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code by uploading a crafted PHP file.
network
low complexity
lopalopa CWE-434
critical
9.8
2024-08-21 CVE-2024-42781 SQL Injection vulnerability in Lopalopa Music Management System 1.0
A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass login via the email parameter.
network
low complexity
lopalopa CWE-89
critical
9.8
2024-08-21 CVE-2024-42782 SQL Injection vulnerability in Lopalopa Music Management System 1.0
A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.
network
low complexity
lopalopa CWE-89
critical
9.8
2024-08-21 CVE-2024-42783 SQL Injection vulnerability in Lopalopa Music Management System 1.0
Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php.
network
low complexity
lopalopa CWE-89
critical
9.8
2024-08-21 CVE-2024-42784 SQL Injection vulnerability in Lopalopa Music Management System 1.0
A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.
network
low complexity
lopalopa CWE-89
critical
9.8
2024-08-21 CVE-2024-40453 Code Injection vulnerability in Squirrelly 9.0.0
squirrellyjs squirrelly v9.0.0 was discovered to contain a code injection vulnerability via the component options.varName. The issue is fixed in v9.0.1.
network
low complexity
squirrelly CWE-94
critical
9.8
2024-08-21 CVE-2024-5335
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to, and including, 1.6.4.
network
low complexity
critical
9.8
2024-08-21 CVE-2024-7854 SQL Injection vulnerability in Sjhoo WOO Inquiry 0.1
The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query.
network
low complexity
sjhoo CWE-89
critical
9.8
2024-08-20 CVE-2024-42361 SQL Injection vulnerability in Apache Hertzbeat
Hertzbeat is an open source, real-time monitoring system.
network
low complexity
apache CWE-89
critical
9.8