Vulnerabilities > Critical

Each entry lists: date, CVE, vulnerability title, description, attack vector, attack complexity, vendor and CWE (where the feed gives them), and risk rating with score.
2024-06-07  CVE-2024-3592  SQL Injection vulnerability in Quiz And Survey Master (WordPress plugin)
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1, due to insufficient escaping of the user-supplied parameter and a lack of sufficient preparation of the existing SQL query.
Vector: network | Complexity: low | Vendor/CWE: not listed | Risk: critical (9.9)
2024-06-06  CVE-2024-36779  SQL Injection vulnerability in Stock Management System Project Stock Management System 1.0
Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.
Vector: network | Complexity: low | Vendor/CWE: stock-management-system-project, CWE-89 | Risk: critical (9.8)
2024-06-06  CVE-2024-5675  Deserialization of Untrusted Data vulnerability in Summar Mentor 3.83.35
An untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35.
Vector: network | Complexity: low | Vendor/CWE: summar, CWE-502 | Risk: critical (9.8)
2024-06-06  CVE-2024-36393  SQL Injection vulnerability in Sysaid
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). The feed gives no further detail on the affected component or versions.
Vector: network | Complexity: low | Vendor/CWE: sysaid, CWE-89 | Risk: critical (9.8)
2024-06-06  CVE-2024-36394  OS Command Injection vulnerability in Sysaid
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The feed gives no further detail on the affected component or versions.
Vector: network | Complexity: low | Vendor/CWE: sysaid, CWE-78 | Risk: critical (9.8)
2024-06-06  CVE-2024-4177  Server-Side Request Forgery (SSRF) vulnerability in Bitdefender GravityZone
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery.
Vector: network | Complexity: low | Vendor/CWE: bitdefender, CWE-918 | Risk: critical (9.8)
2024-06-06  CVE-2024-5153  Directory Traversal vulnerability in Startklar Elementor Addons (WordPress plugin)
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter.
Vector: network | Complexity: low | Vendor/CWE: not listed | Risk: critical (9.1)
2024-06-05  CVE-2024-5526  Server-Side Request Forgery (SSRF) vulnerability in Grafana OnCall
Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall versions from 1.1.37 before 1.5.2 are vulnerable to a Server-Side Request Forgery (SSRF) vulnerability in the webhook functionality.
Vector: network | Complexity: low | Vendor/CWE: grafana, CWE-918 | Risk: critical (9.1)
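Both SSRF entries above (the GravityZone Update Server host whitelist parser and the Grafana OnCall webhook) describe the same class of defect: the server fetches a URL it was handed, and the check that was supposed to restrict the destination can be talked around. The following is an added illustration, not code from Bitdefender, Grafana, or any other project on this page, and it makes no claim about how either product's check actually failed. It contrasts a naive allowlist check (an allowed name appears somewhere in the URL) with a stricter one that parses the URL, matches the hostname exactly, and rejects destinations that resolve to internal address ranges. The allowlist, the DNS table and every hostname are constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the service may proxy or send webhooks to.
ALLOWED_HOSTS = {"updates.example.com", "download.example.com", "mirror.example.com"}

# Constructed DNS answers so the example runs offline. A real implementation
# resolves with socket.getaddrinfo() and must connect to the address it
# checked (pin it), otherwise a second lookup can return a different answer.
FAKE_DNS = {
    "updates.example.com": ["203.0.113.10"],
    "download.example.com": ["203.0.113.11"],
    "mirror.example.com": ["10.0.0.5"],   # allowlisted name that points inside
}

# Ranges an outbound fetch should never reach: loopback, RFC 1918, link-local
# (cloud metadata lives at 169.254.169.254), CGNAT, and their IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def naive_allowed(url):
    # Bypassable: any URL that merely contains an allowed name passes, so
    # http://updates.example.com.attacker.test/ and
    # http://10.0.0.5/?ref=updates.example.com both get through.
    return any(host in url for host in ALLOWED_HOSTS)


def is_blocked(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETWORKS)


def strict_allowed(url, resolve=None):
    """Return 'allowed' or a 'rejected: ...' reason for an outbound URL."""
    resolve = resolve or (lambda host: FAKE_DNS.get(host, []))
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "rejected: scheme %r" % parts.scheme
    # .hostname drops userinfo and port and lowercases, so
    # http://updates.example.com@10.0.0.5/ yields '10.0.0.5', not the
    # allowlisted name an attacker put in front of the '@'.
    host = parts.hostname
    if host is None:
        return "rejected: no host"
    host = host.rstrip(".")          # treat 'example.com.' as 'example.com'
    if host not in ALLOWED_HOSTS:    # exact match, never substring/prefix
        return "rejected: host not allowlisted"
    addrs = resolve(host)
    if not addrs:
        return "rejected: unresolvable host"
    for addr in addrs:
        if is_blocked(addr):
            return "rejected: resolves to blocked address %s" % addr
    return "allowed"


if __name__ == "__main__":
    for u in ("http://updates.example.com/patch.bin",
              "http://updates.example.com.attacker.test/",
              "http://169.254.169.254/latest/meta-data/?ref=updates.example.com",
              "http://updates.example.com@10.0.0.5/",
              "http://mirror.example.com/",
              "file:///etc/passwd"):
        print("%-70s naive=%-5s strict=%s" % (u, naive_allowed(u), strict_allowed(u)))
```

Which ranges belong in the blocked set depends on the deployment: an update server that legitimately proxies to an internal mirror would allow that one address explicitly rather than dropping the private-range check. The check also has to be applied again after any HTTP redirect, since a redirect from an allowlisted host to an internal address is the other common bypass.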
2024-06-05  CVE-2024-4295  SQL Injection vulnerability in Icegram Email Subscribers & Newsletters
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'hash' parameter in all versions up to, and including, 5.7.20, due to insufficient escaping of the user-supplied parameter and a lack of sufficient preparation of the existing SQL query.
Vector: network | Complexity: low | Vendor/CWE: icegram, CWE-89 | Risk: critical (9.8)
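The two WordPress entries (CVE-2024-3592, 'question_id', and CVE-2024-4295, 'hash') carry the same root-cause wording: insufficient escaping of the user-supplied parameter and a lack of preparation of the SQL query. The example below is added here to show what that wording means in code; it is not the plugins' code, uses a constructed subscribers table in an in-memory SQLite database, and invents the column names. It shows a string-built query beside the same lookup with a bound parameter, and separately why escaping quotes is not a substitute for preparation when the value lands in a numeric context such as an id. In WordPress the equivalent of the bound-parameter form is $wpdb->prepare() with %s/%d placeholders.

```python
import sqlite3

# Constructed sample rows: a hypothetical subscribers table keyed by a
# per-subscriber 'hash' token (not the plugins' real schema).
ROWS = [
    (1, "alice@example.com", "a1b2c3"),
    (2, "bob@example.com", "d4e5f6"),
    (3, "carol@example.com", "0badf00d"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (id INTEGER, email TEXT, hash TEXT)")
    conn.executemany("INSERT INTO subscribers VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, user_hash):
    # Vulnerable pattern: the request parameter is pasted into the query text.
    # A quote in the value closes the string literal and the rest is parsed as
    # SQL; the trailing "--" comments out whatever the original query had left.
    sql = "SELECT id, email FROM subscribers WHERE hash = '%s'" % user_hash
    return conn.execute(sql).fetchall()


def lookup_prepared(conn, user_hash):
    # Hardened pattern: the value is sent as a bound parameter, so the
    # database never parses it as SQL, whatever characters it contains.
    sql = "SELECT id, email FROM subscribers WHERE hash = ?"
    return conn.execute(sql, (user_hash,)).fetchall()


def escape_quotes(value):
    # Naive escaping: doubles single quotes. Only meaningful inside a quoted
    # string literal, which is why it is "insufficient" on its own.
    return value.replace("'", "''")


def lookup_by_id_escaped(conn, question_id):
    # Escaping applied to a value interpolated into a numeric context: there
    # is no quote to break out of, so a payload like "1 OR 1=1" needs none.
    sql = "SELECT id, email FROM subscribers WHERE id = %s" % escape_quotes(question_id)
    return conn.execute(sql).fetchall()


def lookup_by_id_prepared(conn, question_id):
    # Bound parameter plus a type check: anything that is not an integer is
    # rejected before it reaches the database.
    if not str(question_id).isdigit():
        return []
    sql = "SELECT id, email FROM subscribers WHERE id = ?"
    return conn.execute(sql, (int(question_id),)).fetchall()


# Payloads shaped like the two parameters in the advisories above.
HASH_PAYLOAD = "' OR 1=1 --"
ID_PAYLOAD = "1 OR 1=1"


def demo():
    conn = make_db()
    return {
        "legit_vulnerable": lookup_vulnerable(conn, "d4e5f6"),
        "legit_prepared": lookup_prepared(conn, "d4e5f6"),
        "payload_vulnerable": lookup_vulnerable(conn, HASH_PAYLOAD),
        "payload_prepared": lookup_prepared(conn, HASH_PAYLOAD),
        "id_escaped": lookup_by_id_escaped(conn, ID_PAYLOAD),
        "id_prepared": lookup_by_id_prepared(conn, ID_PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print("%-20s %s" % (name, rows))
```

The legitimate token returns one row in both forms; the hash payload returns every row from the string-built query and nothing from the prepared one, and the id payload shows escaping doing nothing for an unquoted numeric slot. Triage for entries like these therefore starts with the question of whether the query is built by concatenation at all, not with how thorough the escaping is.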
2024-06-05  CVE-2024-5262  Files or Directories Accessible to External Parties vulnerability in ProjectDiscovery Interactsh
A Files or Directories Accessible to External Parties vulnerability in the SMB server of ProjectDiscovery Interactsh allows remote attackers, via anonymous login, to read and write any file in the directory from which the victim runs interactsh-server, and in its subdirectories.
Vector: network | Complexity: low | Vendor/CWE: projectdiscovery, CWE-552 | Risk: critical (9.8)