Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-01 | CVE-2023-3441 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. | 9.1 |
| 2024-10-01 | CVE-2024-9265 | Unspecified vulnerability in Coderevolution Echo RSS Feed Post Generator The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. | 9.8 |
| 2024-10-01 | CVE-2024-9289 | Missing Authentication for Critical Function vulnerability in Redefiningtheweb Affiliate PRO The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. | 9.8 |
| 2024-10-01 | CVE-2024-9106 | The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. | 9.8 |
| 2024-10-01 | CVE-2024-9108 | The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0. | 9.8 |
| 2024-10-01 | CVE-2024-9360 | SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0 A vulnerability was found in code-projects Restaurant Reservation System 1.0. | 9.8 |
| 2024-10-01 | CVE-2024-9359 | SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0 A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. | 9.8 |
| 2024-09-30 | CVE-2024-8456 | Missing Authentication for Critical Function vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices. | 9.8 |
| 2024-09-30 | CVE-2024-8450 | Use of Hard-coded Credentials vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges. | 9.8 |
| 2024-09-29 | CVE-2024-9328 | SQL Injection vulnerability in Mayurik Advocate Office Management System 1.0 A vulnerability was found in SourceCodester Advocate Office Management System 1.0. | 9.8 |