Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-8341 Unrestricted Upload of File with Dangerous Type vulnerability in Nelzkie15 PET Shop Management System 1.0
A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0.
network
low complexity
nelzkie15 CWE-434
critical
 9.8
9.8
2024-08-30 CVE-2024-8336 SQL Injection vulnerability in Oretnom23 Music Gallery Site 1.0
A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0.
network
low complexity
oretnom23 CWE-89
critical
 9.8
9.8
2024-08-30 CVE-2024-8335 SQL Injection vulnerability in Openrapid Rapidcms 1.3.1
A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1.
network
low complexity
openrapid CWE-89
critical
 9.8
9.8
2024-08-30 CVE-2024-8332 SQL Injection vulnerability in Master-Nan Sweet-Cms
A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f.
network
low complexity
master-nan CWE-89
critical
 9.8
9.8
2024-08-30 CVE-2024-8331 SQL Injection vulnerability in Openrapid Rapidcms 1.3.1
A vulnerability was found in OpenRapid RapidCMS up to 1.3.1.
network
low complexity
openrapid CWE-89
critical
 9.8
9.8
2024-08-30 CVE-2024-45491 Integer Overflow or Wraparound vulnerability in Libexpat Project Libexpat
An issue was discovered in libexpat before 2.6.3.
network
low complexity
libexpat-project CWE-190
critical
 9.8
9.8
2024-08-30 CVE-2024-45492 Integer Overflow or Wraparound vulnerability in Libexpat Project Libexpat
An issue was discovered in libexpat before 2.6.3.
network
low complexity
libexpat-project CWE-190
critical
 9.8
9.8
2024-08-30 CVE-2024-8234 Unspecified vulnerability in Zyxel Nwaw1100-N Firmware 1.00(Aace.1)C0
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the functions formSysCmd(), formUpgradeCert(), and formDelcert() in the Zyxel NWA1100-N firmware version 1.00(AACE.1)C0 could allow an unauthenticated attacker to execute some OS commands to access system files on an affected device.
network
low complexity
zyxel
critical
 9.8
9.8
2024-08-29 CVE-2024-6670 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
 9.8
9.8
2024-08-29 CVE-2024-6671 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
 9.8
9.8