Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-30 CVE-2024-10525 Out-of-bounds Write vulnerability in Eclipse Mosquitto
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make an out-of-bounds memory access when acting in its on_subscribe callback.
network
low complexity
eclipse CWE-787
critical
9.8
2024-10-30 CVE-2024-8512 The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function.
network
low complexity
CWE-95
critical
9.1
2024-10-30 CVE-2024-10507 SQL Injection vulnerability in Codezips Free Exam Hall Seating Management System 1.0
A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0.
network
low complexity
codezips CWE-89
critical
9.8
2024-10-30 CVE-2024-10509 SQL Injection vulnerability in Codezips Online Institute Management System 1.0
A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0.
network
low complexity
codezips CWE-89
critical
9.8
2024-10-29 CVE-2024-51378 OS Command Injection vulnerability in CyberPanel
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX.
network
low complexity
cyberpanel CWE-78
critical
9.8
2024-10-29 CVE-2024-51567 Missing Authentication for Critical Function vulnerability in CyberPanel
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX.
network
low complexity
cyberpanel CWE-306
critical
9.8
2024-10-29 CVE-2024-50459 Missing Authorization vulnerability in Hmplugin Aidwp
Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3.
network
low complexity
hmplugin CWE-862
critical
9.8
2024-10-29 CVE-2024-9988 Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15.
network
low complexity
odude CWE-288
critical
9.8
2024-10-29 CVE-2024-9989 Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15.
network
low complexity
odude CWE-288
critical
9.8
2024-10-29 CVE-2024-8923 Code Injection vulnerability in ServiceNow Vancouver/Washingtondc/Xanadu
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform.
network
low complexity
servicenow CWE-94
critical
10.0