Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-23 | CVE-2024-10278 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability was found in ESAFENET CDG 5. | 9.8 |
| 2024-10-23 | CVE-2024-10279 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability was found in ESAFENET CDG 5. | 9.8 |
| 2024-10-23 | CVE-2024-10277 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability was found in ESAFENET CDG 5 and classified as critical. | 9.8 |
| 2024-10-23 | CVE-2024-43924 | Missing Authorization vulnerability in Dfactory Responsive Lightbox Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7. | 9.8 |
| 2024-10-23 | CVE-2024-9947 | Improper Authentication vulnerability in Properfraction Profilepress The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. | 9.8 |
| 2024-10-22 | CVE-2024-40493 | NULL Pointer Dereference vulnerability in Keith-Cullen Freecoap 1.0 Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`. | 9.8 |
| 2024-10-22 | CVE-2024-44812 | SQL Injection vulnerability in Janobe Online Complaint Site 1.0 SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | 9.8 |
| 2024-10-22 | CVE-2024-46902 | SQL Injection vulnerability in Trendmicro Deep Discovery Inspector 6.6/6.7 A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability. | 9.1 |
| 2024-10-22 | CVE-2024-43177 | Improper Certificate Validation vulnerability in IBM Concert 1.0.0/1.0.1 IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | 9.8 |
| 2024-10-21 | CVE-2024-48509 | SQL Injection vulnerability in Learning With Texts Project Learning With Texts 2.0.3 Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. | 9.8 |