Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-31 CVE-2023-6602 A flaw was found in FFmpeg's TTY Demuxer.
network
low complexity
CWE-99
5.3
2024-12-31 CVE-2023-6603 A flaw was found in FFmpeg's HLS playlist parsing.
network
low complexity
CWE-99
7.5
2024-12-31 CVE-2024-25133 A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated.
network
low complexity
CWE-284
8.8
2024-12-31 CVE-2024-13061 The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability.
network
low complexity
CWE-290
critical
9.8
2024-12-31 CVE-2024-45497 A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod.
network
low complexity
CWE-732
7.6
2024-12-31 CVE-2024-12838 The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators.
network
low complexity
CWE-302
8.8
2024-12-31 CVE-2024-12839 The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability.
network
low complexity
CWE-294
8.8
2024-12-31 CVE-2024-13040 The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability.
network
low complexity
CWE-639
8.8
2024-12-30 CVE-2024-54181 IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code.
network
low complexity
CWE-78
7.2
2024-12-29 CVE-2024-12238 The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22.
network
low complexity
CWE-94
6.3