Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-13 | CVE-2024-37849 | SQL Injection vulnerability in Itsourcecode Billing System 1.0 A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. | 9.8 |
| 2024-06-13 | CVE-2024-30299 | Unspecified vulnerability in Adobe Framemaker Publishing Server 2020/2022 Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 9.8 |
| 2024-06-13 | CVE-2024-30300 | Unspecified vulnerability in Adobe Framemaker Publishing Server 2020/2022 Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation. | 9.8 |
| 2024-06-13 | CVE-2024-34107 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 9.8 |
| 2024-06-13 | CVE-2024-4371 | Deserialization of Untrusted Data vulnerability in Codexpert Codesigner The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. | 9.8 |
| 2024-06-13 | CVE-2024-26029 | Unspecified vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 9.8 |
| 2024-06-13 | CVE-2024-3552 | SQL Injection vulnerability in Salephpscripts web Directory Free The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. | 9.8 |
| 2024-06-13 | CVE-2024-38294 | Unspecified vulnerability in Alcasar ALCASAR before 3.6.1 allows email_registration_back.php remote code execution. | 9.8 |
| 2024-06-13 | CVE-2024-38295 | Unspecified vulnerability in Alcasar ALCASAR before 3.6.1 allows still_connected.php remote code execution. | 9.8 |
| 2024-06-13 | CVE-2024-3922 | SQL Injection vulnerability in Dokan PRO Plugin 3.10.3 The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |