Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-14 | CVE-2024-50833 | SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0 A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. | 9.8 |
| 2024-11-14 | CVE-2024-11209 | Improper Authentication vulnerability in Apereo Central Authentication Service 6.6.0 A vulnerability was found in Apereo CAS 6.6. | 9.8 |
| 2024-11-13 | CVE-2024-43091 | Integer Overflow or Wraparound vulnerability in Google Android In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. | 9.8 |
| 2024-11-13 | CVE-2024-52295 | Unspecified vulnerability in Dataease DataEase is an open source data visualization analysis tool. | 9.8 |
| 2024-11-13 | CVE-2024-52300 | Cross-site Scripting vulnerability in Xwiki PDF Viewer Macro macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. | 9.0 |
| 2024-11-13 | CVE-2024-52306 | Unspecified vulnerability in Backpackforlaravel Filemanager FileManager provides a Backpack admin interface for files and folder. | 9.8 |
| 2024-11-13 | CVE-2024-48510 | Path Traversal vulnerability in Dotnetzip.Semverd Project Dotnetzip.Semverd 1.11.0 Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 9.8 |
| 2024-11-13 | CVE-2024-10575 | Unspecified vulnerability in Schneider-Electric Ecostruxure IT Gateway CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. | 9.8 |
| 2024-11-13 | CVE-2024-21541 | Code Injection vulnerability in Matthewmueller Dom-Iterator Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. | 9.8 |
| 2024-11-13 | CVE-2024-10820 | Unspecified vulnerability in Vanquish Woocommerce Upload Files The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. | 9.8 |