Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2024-34551 Path Traversal vulnerability in Select-Themes Stockholm 9.6
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion. This issue affects Stockholm: from n/a through 9.6.
network
low complexity
select-themes CWE-22
critical
9.8
2024-06-04 CVE-2024-35629 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Wow-Company Easy Digital Downloads 1.0.2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion. This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2.
network
low complexity
wow-company CWE-829
critical
9.8
2024-06-04 CVE-2024-35700 Unspecified vulnerability in Userproplugin Userpro
Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation. This issue affects Userpro: from n/a through 5.1.8.
network
low complexity
userproplugin
critical
9.8
2024-05-31 CVE-2024-23692 Code Injection vulnerability in Rejetto Http File Server
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability.
network
low complexity
rejetto CWE-94
critical
9.8
2024-05-30 CVE-2024-35349 SQL Injection vulnerability in Dino Physics School Assistant Project Dino Physics School Assistant 2.3
A vulnerability has been discovered in Diño Physics School Assistant version 2.3.
network
low complexity
dino-physics-school-assistant-project CWE-89
critical
9.8
2024-05-30 CVE-2024-35359 SQL Injection vulnerability in Dino Physics School Assistant Project Dino Physics School Assistant 2.3
A vulnerability has been discovered in Diño Physics School Assistant version 2.3.
network
low complexity
dino-physics-school-assistant-project CWE-89
critical
9.8
2024-05-29 CVE-2024-4358 Authentication Bypass by Spoofing vulnerability in Telerik Report Server 2024 10.0.24.130/10.0.24.305
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
network
low complexity
telerik CWE-290
critical
9.8
2024-05-28 CVE-2024-5274 Type Confusion vulnerability in multiple products
Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google fedoraproject CWE-843
critical
9.6
2024-05-18 CVE-2024-3658 The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21.
network
low complexity
critical
9.8
2024-05-15 CVE-2024-4947 Type Confusion vulnerability in multiple products
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
network
low complexity
google fedoraproject CWE-843
critical
9.6