Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-10 CVE-2024-46613 Integer Overflow or Wraparound vulnerability in Weechat
WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list.
network
low complexity
weechat CWE-190
critical
9.8
2024-11-10 CVE-2024-11057 SQL Injection vulnerability in Codezips Hospital Appointment System 1.0
A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical.
network
low complexity
codezips CWE-89
critical
9.8
2024-11-10 CVE-2024-11055 SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0
A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0.
network
low complexity
1000projects CWE-89
critical
9.8
2024-11-10 CVE-2024-11054 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Simple Music Cloud Community System 1.0
A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0.
network
low complexity
oretnom23 CWE-434
critical
9.8
2024-11-10 CVE-2024-11047 Stack-based Buffer Overflow vulnerability in Dlink Di-8003 Firmware 16.07.16A1
A vulnerability was found in D-Link DI-8003 16.07.16A1.
network
low complexity
dlink CWE-121
critical
9.8
2024-11-10 CVE-2024-11048 Stack-based Buffer Overflow vulnerability in Dlink Di-8003 Firmware 16.07.16A1
A vulnerability was found in D-Link DI-8003 16.07.16A1.
network
low complexity
dlink CWE-121
critical
9.8
2024-11-10 CVE-2024-11046 Command Injection vulnerability in Dlink Di-8003 Firmware 16.07.16A1
A vulnerability was found in D-Link DI-8003 16.07.16A1.
network
low complexity
dlink CWE-77
critical
9.8
2024-11-09 CVE-2024-10508 The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6.
network
low complexity
CWE-230
critical
9.8
2024-11-09 CVE-2024-10547 The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2.
network
low complexity
CWE-434
critical
9.8
2024-11-09 CVE-2024-10589 The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1.
network
low complexity
CWE-862
critical
9.8