Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-01-15 CVE-2024-57726 Unspecified vulnerability in Simple-Help Simplehelp
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions.
network
low complexity
simple-help
critical
 9.9
9.9
2025-01-15 CVE-2025-0491 SQL Injection vulnerability in Fanli2012 Native-PHP-Cms 1.0
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0.
network
low complexity
fanli2012 CWE-89
critical
 9.8
9.8
2025-01-15 CVE-2025-0486 SQL Injection vulnerability in Fanli2012 Native-PHP-Cms 1.0
A vulnerability was found in Fanli2012 native-php-cms 1.0.
network
low complexity
fanli2012 CWE-89
critical
 9.8
9.8
2025-01-15 CVE-2025-0487 SQL Injection vulnerability in Fanli2012 Native-PHP-Cms 1.0
A vulnerability was found in Fanli2012 native-php-cms 1.0.
network
low complexity
fanli2012 CWE-89
critical
 9.8
9.8
2025-01-15 CVE-2024-9636 The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3.
network
low complexity
CWE-269
critical
 9.8
9.8
2025-01-14 CVE-2024-48856 Out-of-bounds Write vulnerability in Blackberry QNX Software Development Platform 7.0/7.1/8.0
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
network
low complexity
blackberry CWE-787
critical
 9.8
9.8
2025-01-14 CVE-2025-21311 Unspecified vulnerability in Microsoft products
Windows NTLM V1 Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
 9.8
9.8
2025-01-14 CVE-2024-13179 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2025-01-14 CVE-2024-13181 Path Traversal vulnerability in Ivanti Avalanche
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
network
low complexity
ivanti CWE-22
critical
 9.8
9.8
2025-01-14 CVE-2024-39759 Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505.
network
low complexity
CWE-77
critical
 10.0
10