Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-14 CVE-2024-50823 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
network
low complexity
lopalopa CWE-89
critical
9.8
2024-11-14 CVE-2024-50833 SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.
network
low complexity
lopalopa CWE-89
critical
9.8
2024-11-14 CVE-2024-11209 Improper Authentication vulnerability in Apereo Central Authentication Service 6.6.0
A vulnerability was found in Apereo CAS 6.6.
network
low complexity
apereo CWE-287
critical
9.8
2024-11-13 CVE-2024-43091 Integer Overflow or Wraparound vulnerability in Google Android
In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow.
network
low complexity
google CWE-190
critical
9.8
2024-11-13 CVE-2024-52295 Unspecified vulnerability in Dataease
DataEase is an open source data visualization analysis tool.
network
low complexity
dataease
critical
9.8
2024-11-13 CVE-2024-52300 Cross-site Scripting vulnerability in Xwiki PDF Viewer Macro
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js.
network
low complexity
xwiki CWE-79
critical
9.0
2024-11-13 CVE-2024-52306 Unspecified vulnerability in Backpackforlaravel Filemanager
FileManager provides a Backpack admin interface for files and folder.
network
low complexity
backpackforlaravel
critical
9.8
2024-11-13 CVE-2024-48510 Path Traversal vulnerability in Dotnetzip.Semverd Project Dotnetzip.Semverd 1.11.0
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
network
low complexity
dotnetzip-semverd-project CWE-22
critical
9.8
2024-11-13 CVE-2024-10575 Unspecified vulnerability in Schneider-Electric Ecostruxure IT Gateway
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.
network
low complexity
schneider-electric
critical
9.8
2024-11-13 CVE-2024-21541 Code Injection vulnerability in Matthewmueller Dom-Iterator
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization.
network
low complexity
matthewmueller CWE-94
critical
9.8