Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-01 CVE-2024-47308 Missing Authorization vulnerability in Templately
Missing Authorization vulnerability in Templately allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Templately: from n/a through 3.1.2.
network
low complexity
templately CWE-862
critical
9.8
2024-11-01 CVE-2024-47311 Missing Authorization vulnerability in Kraftplugins Wheel of Life
Missing Authorization vulnerability in Kraft Plugins Wheel of Life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through 1.1.8.
network
low complexity
kraftplugins CWE-862
critical
9.8
2024-11-01 CVE-2024-47321 Missing Authorization vulnerability in Androidbubbles WP Datepicker
Missing Authorization vulnerability in Fahad Mahmood WP Datepicker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Datepicker: from n/a through 2.1.1.
network
low complexity
androidbubbles CWE-862
critical
9.8
2024-11-01 CVE-2024-47358 Missing Authorization vulnerability in Code-Atlantic Popup Maker
Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Popup Maker: from n/a through 1.19.2.
network
low complexity
code-atlantic CWE-862
critical
9.8
2024-11-01 CVE-2024-47359 Missing Authorization vulnerability in Depicter
Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Depicter Slider: from n/a through 3.2.2.
network
low complexity
depicter CWE-862
critical
9.8
2024-11-01 CVE-2024-10655 SQL Injection vulnerability in Tongda2000 Office Anywhere 2017
A vulnerability was found in Tongda OA 2017 up to 11.9.
network
low complexity
tongda2000 CWE-89
critical
9.8
2024-11-01 CVE-2024-37094 Unspecified vulnerability in Stylemixthemes Masterstudy LMS
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.2.12.
network
low complexity
stylemixthemes
critical
9.8
2024-11-01 CVE-2024-10654 Authorization Bypass Through User-Controlled Key vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical.
network
low complexity
totolink CWE-639
critical
9.1
2024-11-01 CVE-2024-7456 SQL Injection vulnerability in Lunary 1.4.2
A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2.
network
low complexity
lunary CWE-89
critical
9.8
2024-11-01 CVE-2024-10616 SQL Injection vulnerability in Tongda2000 Office Anywhere
A vulnerability classified as critical has been found in Tongda OA up to 11.9.
network
low complexity
tongda2000 CWE-89
critical
9.8