Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-10 CVE-2024-11639 Missing Authentication for Critical Function vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access.
network
low complexity
ivanti CWE-306
critical
9.8
2024-12-10 CVE-2024-47484 Unspecified vulnerability in Dell Avamar Server
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability.
network
low complexity
dell
critical
9.8
2024-12-09 CVE-2024-54920 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and class_id parameters.
network
low complexity
lopalopa CWE-89
critical
9.8
2024-12-09 CVE-2024-52480 Unspecified vulnerability in Astoundify Jobify
Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.
network
low complexity
astoundify
critical
9.8
2024-12-09 CVE-2024-8259 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection. This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was contacted and it was learned that the product is not supported.
network
low complexity
critical
9.8
2024-12-09 CVE-2023-22701 Unspecified vulnerability in Shopfiles Ebook Store
Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ebook Store: from n/a through 5.775.
network
low complexity
shopfiles
critical
9.8
2024-12-09 CVE-2023-23834 Missing Authorization vulnerability in Brainstormforce Spectra
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0.
network
low complexity
brainstormforce CWE-862
critical
9.8
2024-12-09 CVE-2023-47805 Unspecified vulnerability in Themewinter Wpcafe
Missing Authorization vulnerability in Themewinter WPCafe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCafe: from n/a through 2.2.22.
network
low complexity
themewinter
critical
9.8
2024-12-09 CVE-2023-50903 Unspecified vulnerability in Wpmet Metform Elementor Contact Form Builder
Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metform Elementor Contact Form Builder: from n/a through 3.4.0.
network
low complexity
wpmet
critical
9.8
2024-12-09 CVE-2023-51353 Unspecified vulnerability in Supsystic Popup
Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through 1.10.19.
network
low complexity
supsystic
critical
9.8