Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-30 | CVE-2024-31151 | Use of Hard-coded Credentials vulnerability in Level1 Wbr-6012 Firmware R0.40E6: A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. | 9.8 |
2024-10-30 | CVE-2024-8512 | The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. | 9.1 |
2024-10-30 | CVE-2024-10507 | SQL Injection vulnerability in Codezips Free Exam Hall Seating Management System 1.0: A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. | 9.8 |
2024-10-30 | CVE-2024-10509 | SQL Injection vulnerability in Codezips Online Institute Management System 1.0: A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. | 9.8 |
2024-10-29 | CVE-2024-51378 | OS Command Injection vulnerability in Cyberpanel: getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. | 9.8 |
2024-10-29 | CVE-2024-51567 | Missing Authentication for Critical Function vulnerability in Cyberpanel: upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. | 9.8 |
2024-10-29 | CVE-2024-50459 | Missing Authorization vulnerability in Hmplugin Aidwp: Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3. | 9.8 |
2024-10-29 | CVE-2024-9988 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool: The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. | 9.8 |
2024-10-29 | CVE-2024-9989 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool: The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. | 9.8 |
2024-10-29 | CVE-2024-8923 | Code Injection vulnerability in Servicenow Vancouver/Washingtondc/Xanadu: ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. | 10.0 |