Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-13 | CVE-2024-30299 | Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | network, low complexity, CWE-287, critical, 10.0 |
| 2024-06-13 | CVE-2024-34102 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. | network, low complexity, CWE-611, critical, 9.8 |
| 2024-06-13 | CVE-2024-34108 | Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. | network, low complexity, CWE-20, critical, 9.1 |
| 2024-06-13 | CVE-2024-3922 | The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network, low complexity, critical, 10.0 |
| 2024-06-12 | CVE-2024-4898 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. | network, low complexity, critical, 9.8 |
| 2024-06-11 | CVE-2024-30080 | Use After Free vulnerability in Microsoft products. Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | network, low complexity, microsoft, CWE-416, critical, 9.8 |
| 2024-06-11 | CVE-2024-3549 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network, low complexity, critical, 9.9 |
| 2024-06-10 | CVE-2024-32167 | Unspecified vulnerability in Oretnom23 Online Medicine Ordering System 1.0. Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to arbitrary file deletion, as the picture-deletion function in the backend settings can be used to delete any file. | network, low complexity, oretnom23, critical, 9.1 |
| 2024-06-10 | CVE-2024-36412 | SQL Injection vulnerability in Salesagility Suitecrm. SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | network, low complexity, salesagility, CWE-89, critical, 9.8 |
| 2024-06-10 | CVE-2024-36417 | Cross-site Scripting vulnerability in Salesagility Suitecrm. SuiteCRM is an open-source Customer Relationship Management (CRM) software application. | network, low complexity, salesagility, CWE-79, critical, 9.0 |