Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-28 CVE-2024-50450 Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.
network
low complexity
pluginus CWE-94
critical
9.8
2024-10-28 CVE-2024-50477 Missing Authentication for Critical Function vulnerability in Stacksmarket Stacks Mobile APP Builder
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.
network
low complexity
stacksmarket CWE-306
critical
9.8
2024-10-28 CVE-2024-50486 Missing Authentication for Critical Function vulnerability in Acnoo Flutter API
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5.
network
low complexity
acnoo CWE-306
critical
9.8
2024-10-28 CVE-2024-50487 Missing Authentication for Critical Function vulnerability in Maantheme Maanstore API
Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass.This issue affects MaanStore API: from n/a through 1.0.1.
network
low complexity
maantheme CWE-306
critical
9.8
2024-10-28 CVE-2024-50489 Missing Authentication for Critical Function vulnerability in Realtyworkstation Realty Workstation
Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through 1.0.45.
network
low complexity
realtyworkstation CWE-306
critical
9.8
2024-10-28 CVE-2024-50492 Code Injection vulnerability in Scottpaterson Scottcart
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart allows Code Injection.This issue affects ScottCart: from n/a through 1.1.
network
low complexity
scottpaterson CWE-94
critical
9.8
2024-10-28 CVE-2024-50498 Code Injection vulnerability in Lubus WP Query Console
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
network
low complexity
lubus CWE-94
critical
9.8
2024-10-28 CVE-2024-10440 SQL Injection vulnerability in Sun.Net Ehdr Ctms
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.
network
low complexity
sun-net CWE-89
critical
9.8
2024-10-28 CVE-2024-10434 Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 1.0/15.03.06.23/15.03.06.23Multitd01
A vulnerability was found in Tenda AC1206 up to 20241027.
network
low complexity
tenda CWE-787
critical
9.8
2024-10-28 CVE-2024-10432 SQL Injection vulnerability in Projectworlds Simple Web-Based Chat Application 1.0
A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical.
network
low complexity
projectworlds CWE-89
critical
9.8