Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-8341 Unrestricted Upload of File with Dangerous Type vulnerability in Nelzkie15 PET Shop Management System 1.0
A vulnerability classified as critical was found in SourceCodester Petshop Management System 1.0.
network
low complexity
nelzkie15 CWE-434
critical
 9.8
9.8
2024-08-30 CVE-2024-8336 SQL Injection vulnerability in Oretnom23 Music Gallery Site 1.0
A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0.
network
low complexity
oretnom23 CWE-89
critical
 9.8
9.8
2024-08-30 CVE-2024-8335 SQL Injection vulnerability in Openrapid Rapidcms 1.3.1
A vulnerability classified as critical has been found in OpenRapid RapidCMS up to 1.3.1.
network
low complexity
openrapid CWE-89
critical
 9.8
9.8
2024-08-30 CVE-2024-8332 SQL Injection vulnerability in Master-Nan Sweet-Cms
A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f.
network
low complexity
master-nan CWE-89
critical
 9.8
9.8
2024-08-30 CVE-2024-8331 SQL Injection vulnerability in Openrapid Rapidcms 1.3.1
A vulnerability was found in OpenRapid RapidCMS up to 1.3.1.
network
low complexity
openrapid CWE-89
critical
 9.8
9.8
2024-08-30 CVE-2024-45491 Integer Overflow or Wraparound vulnerability in Libexpat Project Libexpat
An issue was discovered in libexpat before 2.6.3.
network
low complexity
libexpat-project CWE-190
critical
 9.8
9.8
2024-08-30 CVE-2024-45492 Integer Overflow or Wraparound vulnerability in Libexpat Project Libexpat
An issue was discovered in libexpat before 2.6.3.
network
low complexity
libexpat-project CWE-190
critical
 9.8
9.8
2024-08-29 CVE-2024-6670 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
 9.8
9.8
2024-08-29 CVE-2024-6671 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
 9.8
9.8
2024-08-29 CVE-2024-41361 Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php
network
low complexity
sourcefabric CWE-94
critical
 9.8
9.8