Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-30 CVE-2024-31151 Use of Hard-coded Credentials vulnerability in Level1 Wbr-6012 Firmware R0.40E6
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot.
network
low complexity
level1 CWE-798
critical
9.8
2024-10-30 CVE-2024-8512 The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function.
network
low complexity
CWE-95
critical
9.1
2024-10-30 CVE-2024-10507 SQL Injection vulnerability in Codezips Free Exam Hall Seating Management System 1.0
A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0.
network
low complexity
codezips CWE-89
critical
9.8
2024-10-30 CVE-2024-10509 SQL Injection vulnerability in Codezips Online Institute Management System 1.0
A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0.
network
low complexity
codezips CWE-89
critical
9.8
2024-10-29 CVE-2024-51378 OS Command Injection vulnerability in Cyberpanel
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX.
network
low complexity
cyberpanel CWE-78
critical
9.8
2024-10-29 CVE-2024-51567 Missing Authentication for Critical Function vulnerability in Cyberpanel
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX.
network
low complexity
cyberpanel CWE-306
critical
9.8
2024-10-29 CVE-2024-50459 Missing Authorization vulnerability in Hmplugin Aidwp
Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3.
network
low complexity
hmplugin CWE-862
critical
9.8
2024-10-29 CVE-2024-9988 Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15.
network
low complexity
odude CWE-288
critical
9.8
2024-10-29 CVE-2024-9989 Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15.
network
low complexity
odude CWE-288
critical
9.8
2024-10-29 CVE-2024-8923 Code Injection vulnerability in Servicenow Vancouver/Washingtondc/Xanadu
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform.
network
low complexity
servicenow CWE-94
critical
10.0