Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-05 CVE-2024-10844 SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0
A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0.
network
low complexity
bookstore-management-system-project CWE-89
critical
9.8
2024-11-05 CVE-2024-10845 SQL Injection vulnerability in Bookstore Management System Project Bookstore Management System 1.0
A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical.
network
low complexity
bookstore-management-system-project CWE-89
critical
9.8
2024-11-05 CVE-2024-10687 SQL Injection vulnerability in Contest-Gallery Contest Gallery
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
contest-gallery CWE-89
critical
9.8
2024-11-04 CVE-2024-10791 SQL Injection vulnerability in Codezips Hospital Appointment System 1.0
A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0.
network
low complexity
codezips CWE-89
critical
9.8
2024-11-04 CVE-2024-10766 Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Free Exam Hall Seating Management System 1.0
A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0.
network
low complexity
codezips CWE-434
critical
9.8
2024-11-04 CVE-2024-51327 SQL Injection vulnerability in Projectworlds Travel Management System 1.0
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
network
low complexity
projectworlds CWE-89
critical
9.8
2024-11-04 CVE-2024-51136 XXE vulnerability in Openimaj 1.3.10
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file.
network
low complexity
openimaj CWE-611
critical
9.8
2024-11-04 CVE-2024-10764 Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0.
network
low complexity
codezips CWE-434
critical
9.8
2024-11-04 CVE-2024-10765 Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Institute Management System 1.0
A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0.
network
low complexity
codezips CWE-434
critical
9.8
2024-11-04 CVE-2024-50523 Unrestricted Upload of File with Dangerous Type vulnerability in Rainbow-Link ALL Post Contact Form
Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc.
network
low complexity
rainbow-link CWE-434
critical
9.8