Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-5482 Unspecified vulnerability in Lollms web UI
A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version.
network
low complexity
lollms
critical
 9.8
9.8
2024-06-06 CVE-2024-34832 Path Traversal vulnerability in Cubecart
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
network
low complexity
cubecart CWE-22
critical
 9.8
9.8
2024-06-06 CVE-2024-36779 SQL Injection vulnerability in Stock Management System Project Stock Management System 1.0
Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.
network
low complexity
stock-management-system-project CWE-89
critical
 9.8
9.8
2024-06-06 CVE-2024-5675 Unspecified vulnerability in Summar Mentor 3.83.35
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35.
network
low complexity
summar
critical
 9.8
9.8
2024-06-06 CVE-2024-36393 Unspecified vulnerability in Sysaid
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
network
low complexity
sysaid
critical
 9.8
9.8
2024-06-06 CVE-2024-36394 Unspecified vulnerability in Sysaid
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
network
low complexity
sysaid
critical
 9.8
9.8
2024-06-06 CVE-2024-4177 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery.
network
low complexity
bitdefender CWE-918
critical
 9.8
9.8
2024-06-06 CVE-2024-5153 Path Traversal vulnerability in Web-Shop-Host Startklar Elmentor Addons 1.7.15
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter.
network
low complexity
web-shop-host CWE-22
critical
 9.8
9.8
2024-06-05 CVE-2024-5653 Unspecified vulnerability in Changjietong T+ 3.5
A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5.
network
low complexity
changjietong
critical
 9.8
9.8
2024-06-05 CVE-2024-5171 Integer Overflow or Wraparound vulnerability in Aomedia Libaom
Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow.
network
low complexity
aomedia CWE-190
critical
 9.8
9.8