Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-10 CVE-2024-11047 Stack-based Buffer Overflow vulnerability in Dlink Di-8003 Firmware 16.07.16A1
A vulnerability was found in D-Link DI-8003 16.07.16A1.
network
low complexity
dlink CWE-121
critical
 9.8
9.8
2024-11-10 CVE-2024-11048 Stack-based Buffer Overflow vulnerability in Dlink Di-8003 Firmware 16.07.16A1
A vulnerability was found in D-Link DI-8003 16.07.16A1.
network
low complexity
dlink CWE-121
critical
 9.8
9.8
2024-11-10 CVE-2024-11046 Command Injection vulnerability in Dlink Di-8003 Firmware 16.07.16A1
A vulnerability was found in D-Link DI-8003 16.07.16A1.
network
low complexity
dlink CWE-77
critical
 9.8
9.8
2024-11-09 CVE-2024-10547 The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2.
network
low complexity
CWE-434
critical
 9.8
9.8
2024-11-09 CVE-2024-10589 The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1.
network
low complexity
CWE-862
critical
 9.8
9.8
2024-11-09 CVE-2024-10871 The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter.
network
low complexity
critical
 9.8
9.8
2024-11-09 CVE-2024-10470 The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962.
network
low complexity
CWE-22
critical
 9.8
9.8
2024-11-09 CVE-2024-10625 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7.
network
low complexity
CWE-22
critical
 9.8
9.8
2024-11-09 CVE-2024-10627 The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7.
network
low complexity
CWE-434
critical
 9.8
9.8
2024-11-09 CVE-2024-10284 Missing Authentication for Critical Function vulnerability in Ce21 Suite
The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0.
network
low complexity
ce21 CWE-306
critical
 9.8
9.8