Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-08 | CVE-2025-0282 | Out-of-bounds Write vulnerability in Ivanti products A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | 9.0 |
| 2025-01-08 | CVE-2024-11350 | The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. | 9.8 |
| 2025-01-08 | CVE-2024-54676 | Unspecified vulnerability in Apache Openmeetings Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation. | 9.8 |
| 2025-01-08 | CVE-2024-11635 | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. | 9.8 |
| 2025-01-08 | CVE-2024-11613 | The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. | 9.8 |
| 2025-01-08 | CVE-2023-52953 | Path Traversal vulnerability in Huawei Emui and Harmonyos Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 9.1 |
| 2025-01-08 | CVE-2024-50603 | OS Command Injection vulnerability in Aviatrix Controller An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. | 9.8 |
| 2025-01-07 | CVE-2024-49649 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buildapp Build APP Online Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through 1.0.23. | 9.8 |
| 2025-01-07 | CVE-2024-12252 | The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. | 9.8 |
| 2025-01-07 | CVE-2024-12264 | The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. | 9.8 |