Vulnerabilities > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-21	CVE-2024-28987	Unspecified vulnerability in Solarwinds web Help Desk The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. network low complexity solarwinds critical	9.1
2024-08-21	CVE-2024-7971	Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. network low complexity google microsoft CWE-843 critical	9.6
2024-08-21	CVE-2024-42777	Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0 An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. network low complexity lopalopa CWE-434 critical	9.8
2024-08-21	CVE-2024-42781	SQL Injection vulnerability in Lopalopa Music Management System 1.0 A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter. network low complexity lopalopa CWE-89 critical	9.8
2024-08-21	CVE-2024-42782	SQL Injection vulnerability in Lopalopa Music Management System 1.0 A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. network low complexity lopalopa CWE-89 critical	9.8
2024-08-21	CVE-2024-42783	SQL Injection vulnerability in Lopalopa Music Management System 1.0 Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. network low complexity lopalopa CWE-89 critical	9.8
2024-08-21	CVE-2024-42784	SQL Injection vulnerability in Lopalopa Music Management System 1.0 A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. network low complexity lopalopa CWE-89 critical	9.8
2024-08-21	CVE-2024-40453	Code Injection vulnerability in Squirrelly 9.0.0 squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName. network low complexity squirrelly CWE-94 critical	9.8
2024-08-21	CVE-2024-28000	Unspecified vulnerability in Litespeedtech Litespeed Cache Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. network low complexity litespeedtech critical	9.8
2024-08-21	CVE-2024-5335	The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to , and including, 1.6.4. network low complexity critical	9.8

Vulnerabilities > Critical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Critical"}]}

Vulnerabilities > Critical