Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-16 CVE-2024-12657 NULL Pointer Dereference vulnerability in Iobit Advanced Systemcare Ultimate 11.0.1.58/14.2.0.220
A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic.
local
low complexity
iobit CWE-476
5.5
5.5
2024-12-16 CVE-2024-4762 An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges.
local
low complexity
 7.8
7.8
2024-12-16 CVE-2024-6001 An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges.
network
high complexity
 8.1
8.1
2024-12-16 CVE-2024-12653 NULL Pointer Dereference vulnerability in Fabulatech USB Over Network 6.0.6.1
A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1.
local
low complexity
fabulatech CWE-476
5.5
5.5
2024-12-16 CVE-2024-12654 NULL Pointer Dereference vulnerability in Fabulatech USB Over Network 6.0.6.1
A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1.
local
low complexity
fabulatech CWE-476
5.5
5.5
2024-12-16 CVE-2024-49775 A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions).
network
low complexity
CWE-122
critical
 9.8
9.8
2024-12-16 CVE-2024-54355 Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0.
network
low complexity
CWE-352
8.8
8.8
2024-12-16 CVE-2024-54367 Deserialization of Untrusted Data vulnerability in Ultimatemember Forumwp
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0.
network
low complexity
ultimatemember CWE-502
critical
 9.8
9.8
2024-12-16 CVE-2024-54382 Path Traversal vulnerability in Bold-Themes Bold Page Builder
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5.
network
low complexity
bold-themes CWE-22
4.9
4.9
2024-12-16 CVE-2024-12641 TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability.
network
low complexity
CWE-79
critical
 9.6
9.6