Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-12 | CVE-2024-23512 | Unspecified vulnerability in Wpxpo Wowstore. Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4. | 9.8 |
2024-02-12 | CVE-2024-23513 | Unspecified vulnerability in Wp-Property-Hive Propertyhive. Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5. | 9.8 |
2024-02-12 | CVE-2024-24797 | Unspecified vulnerability in G5Plus ERE Recently Viewed. Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On. This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3. | 9.8 |
2024-02-12 | CVE-2024-25100 | Unspecified vulnerability in Wpswings Coupon Referral Program 1.7.2. Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2. | 9.8 |
2024-02-11 | CVE-2024-25718 | Insufficient Session Expiration vulnerability in Dropbox Samly. In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry. | 9.8 |
2024-02-11 | CVE-2024-25722 | SQL Injection vulnerability in Qanything. qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection. | 9.8 |
2024-02-11 | CVE-2024-25714 | Information Exposure Through Discrepancy vulnerability in multiple products. In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. | 9.8 |
2024-02-11 | CVE-2024-23724 | Cross-site Scripting vulnerability in Ghost. Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. | 9.0 |
2024-02-09 | CVE-2024-25302 | SQL Injection vulnerability in Remyandrade Event Student Attendance System 1.0. Sourcecodester Event Student Attendance System 1.0 allows SQL Injection via the 'student' parameter. | 9.8 |
2024-02-09 | CVE-2024-25307 | SQL Injection vulnerability in Code-Projects Cinema Seat Reservation System 1.0. Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1." | 9.8 |