Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-28 CVE-2024-9296 SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0
A vulnerability was found in SourceCodester Advocate Office Management System 1.0.
network
low complexity
mayurik CWE-89
critical
9.8
2024-09-28 CVE-2024-9295 SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0
A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical.
network
low complexity
mayurik CWE-89
critical
9.8
2024-09-28 CVE-2024-8353 Deserialization of Untrusted Data vulnerability in Givewp
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'.
network
low complexity
givewp CWE-502
critical
9.8
2024-09-27 CVE-2024-8630 SQL Injection vulnerability in Alisonic Sibylla Firmware
Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database.
network
low complexity
alisonic CWE-89
critical
9.8
2024-09-27 CVE-2024-8607 SQL Injection vulnerability in Oceanicsoft Valeapp
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0.
network
low complexity
oceanicsoft CWE-89
critical
9.8
2024-09-27 CVE-2024-8643 Session Fixation vulnerability in Oceanicsoft Valeapp
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0.
network
low complexity
oceanicsoft CWE-384
critical
9.8
2024-09-27 CVE-2024-9280 Unrestricted Upload of File with Dangerous Type vulnerability in Kvf-Admin Project Kvf-Admin 20220212
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical.
network
low complexity
kvf-admin-project CWE-434
critical
9.8
2024-09-26 CVE-2024-46628 OS Command Injection vulnerability in Tendacn G3 Firmware 15.03.05.05
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
network
low complexity
tendacn CWE-78
critical
9.8
2024-09-26 CVE-2024-7108 Incorrect Authorization vulnerability in Nationalkeep Cybermath 1.4
Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.240816253.
network
low complexity
nationalkeep CWE-863
critical
9.8
2024-09-26 CVE-2024-7772 Unrestricted Upload of File with Dangerous Type vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5.
network
low complexity
artbees CWE-434
critical
9.8