Vulnerabilities > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-15	CVE-2024-47945	Insufficient Entropy vulnerability in Rittal products The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. network low complexity rittal CWE-331 critical	9.8
2024-10-15	CVE-2024-9973	SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. network low complexity oretnom23 CWE-89 critical	9.8
2024-10-15	CVE-2024-9974	SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. network low complexity oretnom23 CWE-89 critical	9.8
2024-10-15	CVE-2024-9925	SQL Injection vulnerability in Taismartfactory Qplant SF 1.0 SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. network low complexity taismartfactory CWE-89 critical	9.8
2024-10-15	CVE-2024-9984	Missing Authentication for Critical Function vulnerability in Ragic Enterprise Cloud Database Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. network low complexity ragic CWE-306 critical	9.8
2024-10-15	CVE-2024-9985	Unrestricted Upload of File with Dangerous Type vulnerability in Ragic Enterprise Cloud Database Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. network low complexity ragic CWE-434 critical	9.8
2024-10-15	CVE-2024-9982	AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. network low complexity CWE-89 critical	9.8
2024-10-15	CVE-2024-9972	Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. network low complexity CWE-89 critical	9.8
2024-10-14	CVE-2024-48251	SQL Injection vulnerability in Wavelog 1.8.5 Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. network low complexity wavelog CWE-89 critical	9.8
2024-10-14	CVE-2024-48257	SQL Injection vulnerability in Wavelog 1.8.5 Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin. network low complexity wavelog CWE-89 critical	9.8

Vulnerabilities > Critical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Critical"}]}

Vulnerabilities > Critical