Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-20 CVE-2024-6113 Unspecified vulnerability in Janobe Monbela Tourist INN Online Reservation System 1.0
A vulnerability was found in itsourcecode Monbela Tourist Inn Online Reservation System 1.0.
network
low complexity
janobe
critical
9.8
2024-06-20 CVE-2024-3605 SQL Injection vulnerability in Thimpress WP Hotel Booking
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
thimpress CWE-89
critical
9.8
2024-06-20 CVE-2024-5182 Unspecified vulnerability in Mudler Localai
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files.
network
low complexity
mudler
critical
9.1
2024-06-19 CVE-2024-36678 SQL Injection vulnerability in Promokit PK Themesettings 1.8.8
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection.
network
low complexity
promokit CWE-89
critical
9.8
2024-06-19 CVE-2024-36684 SQL Injection vulnerability in Prestashop PK Customlinks
In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection.
network
low complexity
prestashop CWE-89
critical
9.8
2024-06-19 CVE-2024-36116 Path Traversal vulnerability in Reposilite
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem.
network
low complexity
reposilite CWE-22
critical
9.8
2024-06-19 CVE-2022-45832 Missing Authorization vulnerability in Hennessey Attorney
Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3.
network
low complexity
hennessey CWE-862
critical
9.8
2024-06-19 CVE-2023-36515 Unspecified vulnerability in Thimpress Learnpress
Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.
network
low complexity
thimpress
critical
9.8
2024-06-19 CVE-2023-36684 Unspecified vulnerability in Brainstormforce Convert PRO
Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through 1.7.5.
network
low complexity
brainstormforce
critical
9.8
2024-06-19 CVE-2023-35049 Unspecified vulnerability in Woocommerce Stripe Payment Gateway
Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0.
network
low complexity
woocommerce
critical
9.8