Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-10 | CVE-2024-45115 | Unspecified vulnerability in Adobe Commerce and Magento: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 9.8 |
2024-10-10 | CVE-2024-9796 | SQL Injection vulnerability in Internet-Formation Wp-Advanced-Search: The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. | 9.8 |
2024-10-10 | CVE-2024-9518 | Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0: The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. | 9.8 |
2024-10-10 | CVE-2024-48949 | Improper Verification of Cryptographic Signature vulnerability in Indutny Elliptic: The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. | 9.1 |
2024-10-09 | CVE-2024-9465 | SQL Injection vulnerability in Paloaltonetworks Expedition: An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. | 9.1 |
2024-10-09 | CVE-2024-9680 | Use After Free vulnerability in multiple products: An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. | 9.8 |
2024-10-09 | CVE-2024-32608 | Out-of-bounds Write vulnerability in Hdfgroup Hdf5: HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | 9.8 |
2024-10-08 | CVE-2024-38124 | Unspecified vulnerability in Microsoft products: Windows Netlogon Elevation of Privilege Vulnerability | 9.0 |
2024-10-08 | CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability | 9.8 |
2024-10-08 | CVE-2024-43488 | Unspecified vulnerability in Microsoft Visual Studio Code: Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | 9.8 |