Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2024-12-20 | CVE-2024-51466 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. | network, high complexity, CWE-917, critical, 9.0 |
| 2024-12-20 | CVE-2024-12571 | The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. | network, low complexity, CWE-98, critical, 9.8 |
| 2024-12-19 | CVE-2024-10244 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6. | network, low complexity, CWE-89, critical, 9.8 |
| 2024-12-19 | CVE-2024-12626 | The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, critical, 9.6 |
| 2024-12-18 | CVE-2024-12287 | The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. | network, low complexity, CWE-287, critical, 9.8 |
| 2024-12-17 | CVE-2024-8972 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30.09.2024. | network, low complexity, CWE-89, critical, 9.8 |
| 2024-12-17 | CVE-2024-12356 | A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | network, low complexity, CWE-77, critical, 9.8 |
| 2024-12-16 | CVE-2024-10095 | Deserialization of Untrusted Data vulnerability in Telerik UI for WPF. In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. | network, low complexity, telerik, CWE-502, critical, 9.8 |
| 2024-12-16 | CVE-2024-49775 | A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). | network, low complexity, CWE-122, critical, 9.8 |
| 2024-12-16 | CVE-2024-12641 | TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. | network, low complexity, CWE-79, critical, 9.6 |