Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-18 CVE-2024-52434 Code Injection vulnerability in Supsystic Popup
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through 1.10.29.
network
low complexity
supsystic CWE-94
critical
9.1
2024-11-18 CVE-2024-42383 Unspecified vulnerability in Cesanta Mongoose
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.
network
low complexity
cesanta
critical
9.8
2024-11-15 CVE-2024-11256 SQL Injection vulnerability in 1000Projects Portfolio Management System MCA 1.0
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical.
network
low complexity
1000projects CWE-89
critical
9.8
2024-11-15 CVE-2024-11257 SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0
A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0.
network
low complexity
1000projects CWE-89
critical
9.8
2024-11-15 CVE-2024-11258 SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0.
network
low complexity
1000projects CWE-89
critical
9.8
2024-11-15 CVE-2024-11250 SQL Injection vulnerability in Code-Projects Inventory Management 1.0
A vulnerability was found in code-projects Inventory Management up to 1.0.
network
low complexity
code-projects CWE-89
critical
9.8
2024-11-15 CVE-2024-11244 SQL Injection vulnerability in Anisha Farmacia 1.0
A vulnerability classified as critical was found in code-projects Farmacia 1.0.
network
low complexity
anisha CWE-89
critical
9.8
2024-11-15 CVE-2024-11237 Out-of-bounds Write vulnerability in Tp-Link Vn020-F3V(T) Firmware Ttv6.2.1021
A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021.
network
low complexity
tp-link CWE-787
critical
9.8
2024-11-15 CVE-2021-3838 Unspecified vulnerability in Dompdf Project Dompdf
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function.
network
low complexity
dompdf-project
critical
9.8
2024-11-15 CVE-2021-3902 Unspecified vulnerability in Dompdf Project Dompdf
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks.
network
low complexity
dompdf-project
critical
9.8