Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2024-10-28 | CVE-2024-40867 | Unspecified vulnerability in Apple iPadOS | A custom URL scheme handling issue was addressed with improved input validation. | network | low | apple | | critical | 9.6 |
| 2024-10-28 | CVE-2024-50495 | Unrestricted Upload of File with Dangerous Type vulnerability in Widgilabs Plugin Propagator 0.1 | Unrestricted Upload of File with Dangerous Type vulnerability in WidgiLabs Plugin Propagator allows Upload a Web Shell to a Web Server. This issue affects Plugin Propagator: from n/a through 0.1. | network | low | widgilabs | CWE-434 | critical | 9.8 |
| 2024-10-28 | CVE-2024-50496 | Unrestricted Upload of File with Dangerous Type vulnerability in Webandprint AR | Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 6.2. | network | low | webandprint | CWE-434 | critical | 10.0 |
| 2024-10-28 | CVE-2024-10449 | SQL Injection vulnerability in Codezips Hospital Appointment System 1.0 | A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. | network | low | codezips | CWE-89 | critical | 9.8 |
| 2024-10-28 | CVE-2024-10450 | Unspecified vulnerability in Mayurik Advocate Office Management System 1.0 | A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. | network | low | mayurik | | critical | 9.8 |
| 2024-10-28 | CVE-2024-50478 | Improper Authentication vulnerability in Swoopnow 1-Click Login: Passwordless Authentication 1.4.5 | Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass. This issue affects 1-Click Login: Passwordless Authentication: 1.4.5. | network | low | swoopnow | CWE-287 | critical | 9.8 |
| 2024-10-28 | CVE-2024-50479 | SQL Injection vulnerability in Mansurahamed Woocommerce Quote Calculator | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection. This issue affects Woocommerce Quote Calculator: from n/a through 1.1. | network | low | mansurahamed | CWE-89 | critical | 9.8 |
| 2024-10-28 | CVE-2024-50483 | Authorization Bypass Through User-Controlled Key vulnerability in Tareqhasan Meetup | Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation. This issue affects Meetup: from n/a through 0.1. | network | low | tareqhasan | CWE-639 | critical | 9.8 |
| 2024-10-28 | CVE-2024-50491 | SQL Injection vulnerability in Micahblu Rsvp ME | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Micah Blu RSVP ME allows SQL Injection. This issue affects RSVP ME: from n/a through 1.9.9. | network | low | micahblu | CWE-89 | critical | 9.8 |
| 2024-10-28 | CVE-2024-50497 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buynowdepot Advanced Online Ordering and Delivery Platform | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion. This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0. | network | low | buynowdepot | CWE-829 | critical | 9.8 |