Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-10 | CVE-2024-9793 | OS Command Injection vulnerability in Tenda Ac1206 Firmware 15.03.06.23: A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. | 9.8 |
2024-10-10 | CVE-2024-9794 | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Shopping Portal 1.0: A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. | 9.8 |
2024-10-10 | CVE-2024-9201 | SQL Injection vulnerability in Seur: The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. | 9.8 |
2024-10-10 | CVE-2024-45115 | Unspecified vulnerability in Adobe Commerce and Magento: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 9.8 |
2024-10-10 | CVE-2024-9796 | SQL Injection vulnerability in Internet-Formation Wp-Advanced-Search: The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. | 9.8 |
2024-10-10 | CVE-2024-9518 | Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0: The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. | 9.8 |
2024-10-10 | CVE-2024-48949 | Improper Verification of Cryptographic Signature vulnerability in Indutny Elliptic: The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. | 9.1 |
2024-10-09 | CVE-2024-9465 | SQL Injection vulnerability in Paloaltonetworks Expedition: An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. | 9.1 |
2024-10-09 | CVE-2024-9680 | Use After Free vulnerability in Mozilla Thunderbird: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. | 9.8 |
2024-10-09 | CVE-2024-32608 | Out-of-bounds Write vulnerability in Hdfgroup Hdf5: HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | 9.8 |