Vulnerabilities > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-12	CVE-2024-11948	Unspecified vulnerability in GFI Archiver GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. network low complexity gfi critical	9.8
2024-12-12	CVE-2024-12484	Injection vulnerability in Codezips Technical Discussion Forum 1.0 A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. network low complexity codezips CWE-74 critical	9.8
2024-12-10	CVE-2024-54032	Unspecified vulnerability in Adobe Connect Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. network low complexity adobe critical	9.3
2024-12-10	CVE-2024-54034	Unspecified vulnerability in Adobe Connect Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. network low complexity adobe critical	9.3
2024-12-10	CVE-2024-54036	Unspecified vulnerability in Adobe Connect Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. network low complexity adobe critical	9.3
2024-12-10	CVE-2024-11639	Missing Authentication for Critical Function vulnerability in Ivanti Cloud Services Appliance 4.5/4.6/5.0 An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access network low complexity ivanti CWE-306 critical	9.8
2024-12-10	CVE-2024-47484	Unspecified vulnerability in Dell Avamar Server Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. network low complexity dell critical	9.8
2024-12-09	CVE-2024-54920	SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. network low complexity lopalopa CWE-89 critical	9.8
2024-12-09	CVE-2024-52480	Unspecified vulnerability in Astoundify Jobify Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. network low complexity astoundify critical	9.8
2024-12-09	CVE-2024-8259	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection.This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was contacted and it was learned that the product is not supported. network low complexity critical	9.8

Vulnerabilities > Critical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Critical"}]}

Vulnerabilities > Critical