Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-21 | CVE-2024-42781 | SQL Injection vulnerability in Lopalopa Music Management System 1.0. A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass login via the email parameter. | 9.8 |
2024-08-21 | CVE-2024-42782 | SQL Injection vulnerability in Lopalopa Music Management System 1.0. A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. | 9.8 |
2024-08-21 | CVE-2024-42783 | SQL Injection vulnerability in Lopalopa Music Management System 1.0. Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. | 9.8 |
2024-08-21 | CVE-2024-42784 | SQL Injection vulnerability in Lopalopa Music Management System 1.0. A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. | 9.8 |
2024-08-21 | CVE-2024-40453 | Code Injection vulnerability in Squirrelly 9.0.0. squirrellyjs squirrelly v9.0.0 (fixed in v9.0.1) was discovered to contain a code injection vulnerability via the component options.varName. | 9.8 |
2024-08-21 | CVE-2024-5335 | The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to, and including, 1.6.4. | 9.8 |
2024-08-21 | CVE-2024-7854 | SQL Injection vulnerability in Sjhoo WOO Inquiry 0.1. The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user-supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-08-20 | CVE-2024-42361 | SQL Injection vulnerability in Apache Hertzbeat. Hertzbeat is an open source, real-time monitoring system. | 9.8 |
2024-08-20 | CVE-2024-6800 | Improper Verification of Cryptographic Signature vulnerability in Github Enterprise Server. An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. | 9.8 |
2024-08-20 | CVE-2024-38175 | An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. | 9.6 |