VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Critical
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-11-09
CVE-2024-10871
The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter.
network
low complexity
critical
9.8
9.8
2024-11-09
CVE-2024-10470
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962.
network
low complexity
CWE-22
critical
9.8
9.8
2024-11-09
CVE-2024-10625
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7.
network
low complexity
CWE-22
critical
9.8
9.8
2024-11-09
CVE-2024-10627
The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7.
network
low complexity
CWE-434
critical
9.8
9.8
2024-11-09
CVE-2024-10285
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0.
network
low complexity
CWE-200
critical
9.8
9.8
2024-11-09
CVE-2024-10586
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2.
network
low complexity
CWE-862
critical
9.8
9.8
2024-11-08
CVE-2024-45764
Unspecified vulnerability in Dell Enterprise Sonic Distribution
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability.
network
low complexity
dell
critical
9.8
9.8
2024-11-08
CVE-2024-10998
SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0
A vulnerability was found in 1000 Projects Bookstore Management System 1.0.
network
low complexity
bookstore-management-system-project
CWE-89
critical
9.8
9.8
2024-11-08
CVE-2024-10995
SQL Injection vulnerability in Codezips Hospital Appointment System 1.0
A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical.
network
low complexity
codezips
CWE-89
critical
9.8
9.8
2024-11-08
CVE-2024-10996
SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0
A vulnerability was found in 1000 Projects Bookstore Management System 1.0.
network
low complexity
bookstore-management-system-project
CWE-89
critical
9.8
9.8
«
Previous
1
2
...
19
20
21
(current)
22
23
...
2454
2455
»
Next