Vulnerabilities > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-15	CVE-2024-9982	AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. network low complexity CWE-89 critical	9.8
2024-10-14	CVE-2024-48251	SQL Injection vulnerability in Wavelog 1.8.5 Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. network low complexity wavelog CWE-89 critical	9.8
2024-10-14	CVE-2024-48257	SQL Injection vulnerability in Wavelog 1.8.5 Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin. network low complexity wavelog CWE-89 critical	9.8
2024-10-14	CVE-2024-48253	SQL Injection vulnerability in Magicbug Cloudlog 2.6.15 Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. network low complexity magicbug CWE-89 critical	9.8
2024-10-14	CVE-2024-48255	SQL Injection vulnerability in Magicbug Cloudlog 2.6.15 Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection. network low complexity magicbug CWE-89 critical	9.8
2024-10-14	CVE-2024-9924	The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. network low complexity critical	9.8
2024-10-14	CVE-2024-9921	SQL Injection vulnerability in Teamplus Team+ PRO The Team+ from TEAMPLUS TECHNOLOGY does not properly validate specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents. network low complexity teamplus CWE-89 critical	9.8
2024-10-13	CVE-2024-9916	OS Command Injection vulnerability in Usualtool Usualtoolcms 9.0 A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. network low complexity usualtool CWE-78 critical	9.8
2024-10-12	CVE-2024-9047	The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. network low complexity CWE-22 critical	9.8
2024-10-11	CVE-2024-47331	SQL Injection vulnerability in Ninjateam Multi Step for Contact Form 7 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7. network low complexity ninjateam CWE-89 critical	9.8

Vulnerabilities > Critical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Critical"}]}

Vulnerabilities > Critical