Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-10-31 | CVE-2024-10600 | SQL Injection vulnerability in Tongda2000 Office Anywhere 2017 | A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. | network | low complexity | tongda2000 | CWE-89 | critical | 9.8 |
| 2024-10-31 | CVE-2024-10601 | SQL Injection vulnerability in Tongda2000 Office Anywhere 2017 | A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. | network | low complexity | tongda2000 | CWE-89 | critical | 9.8 |
| 2024-10-31 | CVE-2024-10595 | SQL Injection vulnerability in Esafenet CDG 5 | A vulnerability was found in ESAFENET CDG 5. | network | low complexity | esafenet | CWE-89 | critical | 9.8 |
| 2024-10-31 | CVE-2024-10597 | SQL Injection vulnerability in Esafenet CDG 5 | A vulnerability classified as critical has been found in ESAFENET CDG 5. | network | low complexity | esafenet | CWE-89 | critical | 9.8 |
| 2024-10-31 | CVE-2024-10392 | The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. | | network | low complexity | | CWE-434 | critical | 9.8 |
| 2024-10-31 | CVE-2024-10561 | SQL Injection vulnerability in Codezips PET Shop Management System 1.0 | A vulnerability was found in Codezips Pet Shop Management System 1.0. | network | low complexity | codezips | CWE-89 | critical | 9.8 |
| 2024-10-31 | CVE-2024-10556 | SQL Injection vulnerability in Codezips PET Shop Management System 1.0 | A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. | network | low complexity | codezips | CWE-89 | critical | 9.8 |
| 2024-10-30 | CVE-2024-31151 | Use of Hard-coded Credentials vulnerability in Level1 Wbr-6012 Firmware R0.40E6 | A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. | network | low complexity | level1 | CWE-798 | critical | 9.8 |
| 2024-10-30 | CVE-2024-10525 | Out-of-bounds Write vulnerability in Eclipse Mosquitto | In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. | network | low complexity | eclipse | CWE-787 | critical | 9.8 |
| 2024-10-30 | CVE-2024-8512 | The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. | | network | low complexity | | CWE-95 | critical | 9.1 |