Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-31 | CVE-2024-10561 | SQL Injection vulnerability in Codezips PET Shop Management System 1.0 A vulnerability was found in Codezips Pet Shop Management System 1.0. | 9.8 |
| 2024-10-31 | CVE-2024-10556 | SQL Injection vulnerability in Codezips PET Shop Management System 1.0 A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. | 9.8 |
| 2024-10-30 | CVE-2024-31151 | Use of Hard-coded Credentials vulnerability in Level1 Wbr-6012 Firmware R0.40E6 A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. | 9.8 |
| 2024-10-30 | CVE-2024-10525 | Out-of-bounds Write vulnerability in Eclipse Mosquitto In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. | 9.8 |
| 2024-10-30 | CVE-2024-8512 | The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. | 9.1 |
| 2024-10-30 | CVE-2024-10507 | SQL Injection vulnerability in Codezips Free Exam Hall Seating Management System 1.0 A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. | 9.8 |
| 2024-10-30 | CVE-2024-10509 | SQL Injection vulnerability in Codezips Online Institute Management System 1.0 A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. | 9.8 |
| 2024-10-29 | CVE-2024-51378 | OS Command Injection vulnerability in Cyberpanel getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. | 9.8 |
| 2024-10-29 | CVE-2024-51567 | Missing Authentication for Critical Function vulnerability in Cyberpanel upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. | 9.8 |
| 2024-10-29 | CVE-2024-50428 | Missing Authorization vulnerability in Mondula Multi Step Form Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21. | 9.8 |