Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-25 CVE-2024-8950 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection.This issue affects Piramit Automation: before 27.09.2024.
network
low complexity
CWE-89
critical
 9.9
9.9
2024-12-25 CVE-2024-52046 Deserialization of Untrusted Data vulnerability in Apache Mina
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2024-12-25 CVE-2024-11281 The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.
network
low complexity
CWE-862
critical
 9.8
9.8
2024-12-23 CVE-2024-12898 SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0.
network
low complexity
1000projects CWE-89
critical
 9.8
9.8
2024-12-23 CVE-2024-12899 SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0.
network
low complexity
1000projects CWE-89
critical
 9.8
9.8
2024-12-22 CVE-2024-12895 SQL Injection vulnerability in Treasurehuntgame Treasurehunt
A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical.
network
low complexity
treasurehuntgame CWE-89
critical
 9.8
9.8
2024-12-22 CVE-2024-12894 SQL Injection vulnerability in Treasurehuntgame Treasurehunt
A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0.
network
low complexity
treasurehuntgame CWE-89
critical
 9.8
9.8
2024-12-21 CVE-2024-12884 SQL Injection vulnerability in Codezips E-Commerce Site 1.0
A vulnerability was found in Codezips E-Commerce Website 1.0.
network
low complexity
codezips CWE-89
critical
 9.8
9.8
2024-12-21 CVE-2024-11349 The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6.
network
low complexity
CWE-288
critical
 9.8
9.8
2024-12-20 CVE-2024-51466 IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability.
network
high complexity
CWE-917
critical
 9.0
9.0