Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-14 | CVE-2024-52308 | Command Injection vulnerability in Github CLI The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. | 9.6 |
| 2024-11-14 | CVE-2024-50823 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. | 9.8 |
| 2024-11-14 | CVE-2024-50833 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. | 9.8 |
| 2024-11-14 | CVE-2024-11209 | Improper Authentication vulnerability in Apereo Central Authentication Service 6.6.0 A vulnerability was found in Apereo CAS 6.6. | 9.8 |
| 2024-11-14 | CVE-2024-10571 | Unspecified vulnerability in Ays-Pro Chartify The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. | 9.8 |
| 2024-11-13 | CVE-2024-52300 | Cross-site Scripting vulnerability in Xwiki PDF Viewer Macro macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. | 9.0 |
| 2024-11-13 | CVE-2024-52306 | Deserialization of Untrusted Data vulnerability in Backpackforlaravel Filemanager FileManager provides a Backpack admin interface for files and folder. | 9.8 |
| 2024-11-13 | CVE-2024-48510 | Path Traversal vulnerability in Dotnetzip.Semverd Project Dotnetzip.Semverd 1.11.0 Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 9.8 |
| 2024-11-13 | CVE-2024-11028 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Icdsoft Multimanager WP The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. | 9.8 |
| 2024-11-13 | CVE-2024-10575 | Missing Authorization vulnerability in Schneider-Electric Ecostruxure IT Gateway CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. | 9.8 |