Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-31 | CVE-2024-10597 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability classified as critical has been found in ESAFENET CDG 5. | 9.8 |
| 2024-10-31 | CVE-2024-10392 | The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. | 9.8 |
| 2024-10-31 | CVE-2024-10561 | SQL Injection vulnerability in Codezips PET Shop Management System 1.0 A vulnerability was found in Codezips Pet Shop Management System 1.0. | 9.8 |
| 2024-10-31 | CVE-2024-10556 | SQL Injection vulnerability in Codezips PET Shop Management System 1.0 A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. | 9.8 |
| 2024-10-30 | CVE-2024-31151 | Use of Hard-coded Credentials vulnerability in Level1 Wbr-6012 Firmware R0.40E6 A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. | 9.8 |
| 2024-10-30 | CVE-2024-10525 | Out-of-bounds Write vulnerability in Eclipse Mosquitto In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. | 9.8 |
| 2024-10-30 | CVE-2024-8512 | The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. | 9.1 |
| 2024-10-30 | CVE-2024-10507 | SQL Injection vulnerability in Codezips Free Exam Hall Seating Management System 1.0 A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. | 9.8 |
| 2024-10-30 | CVE-2024-10509 | SQL Injection vulnerability in Codezips Online Institute Management System 1.0 A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. | 9.8 |
| 2024-10-29 | CVE-2024-51378 | OS Command Injection vulnerability in Cyberpanel getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. | 9.8 |