Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2024-10119 OS Command Injection vulnerability in ZTE Wrtm326 Firmware
The wireless router WRTM326 from SECOM does not properly validate a specific parameter.
network
low complexity
zte CWE-78
critical
 9.8
9.8
2024-10-18 CVE-2024-10118 SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality.
network
low complexity
CWE-78
critical
 9.8
9.8
2024-10-17 CVE-2024-43566 Unspecified vulnerability in Microsoft Edge Chromium
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8
2024-10-17 CVE-2024-49217 Unspecified vulnerability in Madirisalmanaashish Adding Drop Down Roles in Registration
Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1.
network
low complexity
madirisalmanaashish
critical
 9.8
9.8
2024-10-17 CVE-2005-10003 OS Command Injection vulnerability in Mikexstudios Xcomic
A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2.
network
low complexity
mikexstudios CWE-78
critical
 9.8
9.8
2024-10-17 CVE-2024-9862 The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0.
network
low complexity
CWE-639
critical
 9.8
9.8
2024-10-17 CVE-2024-9863 The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option.
network
low complexity
CWE-266
critical
 9.8
9.8
2024-10-16 CVE-2024-9893 The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14.
network
low complexity
CWE-288
critical
 9.8
9.8
2024-10-16 CVE-2024-10021 SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability was found in code-projects Pharmacy Management System 1.0.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8
2024-10-16 CVE-2024-10022 SQL Injection vulnerability in Code-Projects Pharmacy Management System 1.0
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8