Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-14 CVE-2024-48253 SQL Injection vulnerability in Magicbug Cloudlog 2.6.15
Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.
network
low complexity
magicbug CWE-89
critical
9.8
2024-10-14 CVE-2024-48255 SQL Injection vulnerability in Magicbug Cloudlog 2.6.15
Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.
network
low complexity
magicbug CWE-89
critical
9.8
2024-10-14 CVE-2024-9924 The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk.
network
low complexity
critical
9.8
2024-10-14 CVE-2024-9921 SQL Injection vulnerability in Teamplus Team+ PRO
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents.
network
low complexity
teamplus CWE-89
critical
9.8
2024-10-13 CVE-2024-9916 OS Command Injection vulnerability in Usualtool Usualtoolcms 9.0
A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9.
network
low complexity
usualtool CWE-78
critical
9.8
2024-10-12 CVE-2024-9047 The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php.
network
low complexity
CWE-22
critical
9.8
2024-10-11 CVE-2024-47331 SQL Injection vulnerability in Ninjateam Multi Step for Contact Form 7
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection. This issue affects Multi Step for Contact Form: from n/a through 2.7.7.
network
low complexity
ninjateam CWE-89
critical
9.8
2024-10-11 CVE-2024-45402 Double Free vulnerability in Dena Picotls
Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case.
network
low complexity
dena CWE-415
critical
9.8
2024-10-11 CVE-2024-47074 Deserialization of Untrusted Data vulnerability in Dataease
DataEase is an open source data visualization analysis tool.
network
low complexity
dataease CWE-502
critical
9.8
2024-10-11 CVE-2024-9707 The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4.
network
low complexity
CWE-862
critical
9.8