Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-01 | CVE-2024-2077 | Unspecified vulnerability in Oretnom23 Simple Online Bidding System 1.0: A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. | 9.8 |
2024-03-01 | CVE-2024-2067 | Unspecified vulnerability in Remyandrade Computer Inventory System 1.0: A vulnerability was found in SourceCodester Computer Inventory System 1.0. | 9.8 |
2024-02-29 | CVE-2024-1981 | SQL Injection vulnerability in Wpvivid Migration, Backup, Staging: The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.1 |
2024-02-29 | CVE-2024-1982 | SQL Injection vulnerability in Wpvivid Migration, Backup, Staging: The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. | 9.1 |
2024-02-29 | CVE-2023-51801 | Code Injection vulnerability in Oretnom23 Simple Student Attendance System 1.0: SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages. | 9.8 |
2024-02-29 | CVE-2024-23052 | Deserialization of Untrusted Data vulnerability in 5Kcrm Wukongcrm 9.0.120191202: An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component. | 9.8 |
2024-02-29 | CVE-2024-23328 | Deserialization of Untrusted Data vulnerability in Dataease: Dataease is an open source data visualization analysis tool. | 9.1 |
2024-02-29 | CVE-2024-23807 | Unspecified vulnerability in Apache Xerces-C++: The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. | 9.8 |
2024-02-29 | CVE-2024-25833 | SQL Injection vulnerability in F-Logic Datacube3 1.0: F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database. | 9.8 |
2024-02-29 | CVE-2024-1927 | Unspecified vulnerability in Walterjnr1 Web-Based Student Clearance System 1.0: A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. | 9.8 |