Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-16 CVE-2024-12642 TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability.
network
low complexity
CWE-23
8.1
8.1
2024-12-16 CVE-2024-12643 The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability.
network
low complexity
CWE-36
8.1
8.1
2024-12-16 CVE-2024-12644 The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability.
network
low complexity
CWE-36
7.1
7.1
2024-12-16 CVE-2024-12645 The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability.
network
low complexity
CWE-23
6.5
6.5
2024-12-16 CVE-2024-12646 The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability.
network
low complexity
CWE-36
8.1
8.1
2024-12-16 CVE-2024-8798 Out-of-bounds Write vulnerability in Zephyrproject Zephyr
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
low complexity
zephyrproject CWE-787
6.5
6.5
2024-12-14 CVE-2024-31891 IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability.
local
low complexity
CWE-250
7.8
7.8
2024-12-14 CVE-2024-31892 IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements.
network
high complexity
CWE-89
7.5
7.5
2024-12-14 CVE-2024-11720 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form.
network
low complexity
CWE-79
7.2
7.2
2024-12-14 CVE-2024-11721 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5.
network
high complexity
CWE-269
8.1
8.1