Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-10 | CVE-2024-9813 | SQL Injection vulnerability in Codezips Pharmacy Management System 1.0 A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. | 9.8 |
| 2024-10-10 | CVE-2024-47636 | Deserialization of Untrusted Data vulnerability in Eyecix Jobsearch WP JOB Board Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.9. | 9.8 |
| 2024-10-10 | CVE-2024-9793 | OS Command Injection vulnerability in Tenda Ac1206 Firmware 15.03.06.23 A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. | 9.8 |
| 2024-10-10 | CVE-2024-9794 | Unrestricted Upload of File with Dangerous Type vulnerability in Codezips Online Shopping Portal 1.0 A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. | 9.8 |
| 2024-10-10 | CVE-2024-9201 | SQL Injection vulnerability in Seur The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. | 9.8 |
| 2024-10-10 | CVE-2024-45115 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. | 9.8 |
| 2024-10-10 | CVE-2024-9796 | SQL Injection vulnerability in Internet-Formation Wp-Advanced-Search The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | 9.8 |
| 2024-10-10 | CVE-2024-9518 | Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. | 9.8 |
| 2024-10-10 | CVE-2024-48949 | Improper Verification of Cryptographic Signature vulnerability in Indutny Elliptic The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. | 9.1 |
| 2024-10-09 | CVE-2024-9465 | SQL Injection vulnerability in Paloaltonetworks Expedition An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. | 9.1 |