Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-13 CVE-2023-37967 Missing Authorization vulnerability in Designinvento Directorypress 2.8.0/3.6.0
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.
network
low complexity
designinvento CWE-862
critical
9.8
2024-12-13 CVE-2023-39997 Missing Authorization vulnerability in Supsystic Popup
Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.
network
low complexity
supsystic CWE-862
critical
9.8
2024-12-13 CVE-2023-40003 Missing Authorization vulnerability in Wedevs WP Project Manager
Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through 2.6.7.
network
low complexity
wedevs CWE-862
critical
9.8
2024-12-13 CVE-2023-40005 Missing Authorization vulnerability in Awesomemotive Easy Digital Downloads
Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5.
network
low complexity
awesomemotive CWE-862
critical
9.8
2024-12-13 CVE-2023-41875 Missing Authorization vulnerability in Wpdirectorykit WP Directory KIT
Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6.
network
low complexity
wpdirectorykit CWE-862
critical
9.8
2024-12-13 CVE-2024-28980 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Recoverpoint for Virtual Machines 6.0
Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH.
network
low complexity
dell CWE-327
critical
9.8
2024-12-13 CVE-2024-38488 Improper Restriction of Excessive Authentication Attempts vulnerability in Dell Recoverpoint for Virtual Machines 6.0
Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability.
network
low complexity
dell CWE-307
critical
9.8
2024-12-13 CVE-2024-48007 Use of Hard-coded Credentials vulnerability in Dell Recoverpoint for Virtual Machines 6.0
Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability.
network
low complexity
dell CWE-798
critical
9.8
2024-12-13 CVE-2024-9290 The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3.
network
low complexity
CWE-434
critical
9.8
2024-12-12 CVE-2024-49147 Deserialization of Untrusted Data vulnerability in Microsoft Update Catalog
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
network
low complexity
microsoft CWE-502
critical
9.8