Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-13 CVE-2024-48007 Use of Hard-coded Credentials vulnerability in Dell Recoverpoint for Virtual Machines 6.0
Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability.
network
low complexity
dell CWE-798
critical
 9.8
9.8
2024-12-13 CVE-2024-9290 The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3.
network
low complexity
CWE-434
critical
 9.8
9.8
2024-12-12 CVE-2024-49147 Deserialization of Untrusted Data vulnerability in Microsoft Update Catalog
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
network
low complexity
microsoft CWE-502
critical
 9.8
9.8
2024-12-12 CVE-2024-55663 Unspecified vulnerability in Xwiki
XWiki Platform is a generic wiki platform.
network
low complexity
xwiki
critical
 9.8
9.8
2024-12-12 CVE-2024-10124 The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1.
network
low complexity
CWE-284
critical
 9.8
9.8
2024-12-12 CVE-2024-11015 The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0.
network
low complexity
CWE-287
critical
 9.8
9.8
2024-12-12 CVE-2024-12490 SQL Injection vulnerability in Code-Projects Online Class and Exam Scheduling System 1.0
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8
2024-12-12 CVE-2024-12497 SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0
A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0.
network
low complexity
1000projects CWE-89
critical
 9.8
9.8
2024-12-12 CVE-2024-44241 Unspecified vulnerability in Apple Ipados
The issue was addressed with improved bounds checks.
network
low complexity
apple
critical
 9.8
9.8
2024-12-12 CVE-2024-44242 Unspecified vulnerability in Apple Ipados
The issue was addressed with improved bounds checks.
network
low complexity
apple
critical
 9.8
9.8