Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-8940 Unrestricted Upload of File with Dangerous Type vulnerability in Scriptcase 9.4.019
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request.
network
low complexity
scriptcase CWE-434
critical
9.8
2024-09-24 CVE-2024-8624 SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
pluginus CWE-89
critical
9.9
2024-09-24 CVE-2024-8671 Path Traversal vulnerability in Exthemes Wooevents
The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2.
network
low complexity
exthemes CWE-22
critical
9.1
2024-09-24 CVE-2024-8791 Authorization Bypass Through User-Controlled Key vulnerability in Wpcharitable Charitable
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14.
network
low complexity
wpcharitable CWE-639
critical
9.8
2024-09-23 CVE-2024-47222 Server-Side Request Forgery (SSRF) vulnerability in Myoffice MY Office SDK
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.
network
low complexity
myoffice CWE-918
critical
9.8
2024-09-23 CVE-2024-0001 Insecure Default Initialization of Resource vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
network
low complexity
purestorage CWE-1188
critical
9.8
2024-09-23 CVE-2024-0002 Unspecified vulnerability in Purestorage Purity//Fa
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
network
low complexity
purestorage
critical
9.8
2024-09-23 CVE-2024-9094 SQL Injection vulnerability in Code-Projects Blood Bank System 1.0
A vulnerability classified as critical was found in code-projects Blood Bank System 1.0.
network
low complexity
code-projects CWE-89
critical
9.8
2024-09-23 CVE-2024-9090 SQL Injection vulnerability in Mayurik Modern Loan Management System 1.0
A vulnerability was found in SourceCodester Modern Loan Management System 1.0.
network
low complexity
mayurik CWE-89
critical
9.8
2024-09-23 CVE-2024-9091 SQL Injection vulnerability in Code-Projects Student Record System 1.0
A vulnerability was found in code-projects Student Record System 1.0.
network
low complexity
code-projects CWE-89
critical
9.8