Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-11-14 | CVE-2024-11209 | Improper Authentication vulnerability in Apereo Central Authentication Service 6.6.0 | A vulnerability was found in Apereo CAS 6.6. | network | low | apereo | CWE-287 | critical | 9.8 |
| 2024-11-13 | CVE-2024-43091 | Integer Overflow or Wraparound vulnerability in Google Android | In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. | network | low | google | CWE-190 | critical | 9.8 |
| 2024-11-13 | CVE-2024-52300 | Cross-site Scripting vulnerability in Xwiki PDF Viewer Macro | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. | network | low | xwiki | CWE-79 | critical | 9.0 |
| 2024-11-13 | CVE-2024-52306 | Unspecified vulnerability in Backpackforlaravel Filemanager | FileManager provides a Backpack admin interface for files and folders. | network | low | backpackforlaravel | | critical | 9.8 |
| 2024-11-13 | CVE-2024-48510 | Path Traversal vulnerability in Dotnetzip.Semverd Project Dotnetzip.Semverd 1.11.0 | Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | network | low | dotnetzip-semverd-project | CWE-22 | critical | 9.8 |
| 2024-11-13 | CVE-2024-10575 | Unspecified vulnerability in Schneider-Electric Ecostruxure IT Gateway | CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. | network | low | schneider-electric | | critical | 9.8 |
| 2024-11-13 | CVE-2024-21541 | Code Injection vulnerability in Matthewmueller Dom-Iterator | All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. | network | low | matthewmueller | CWE-94 | critical | 9.8 |
| 2024-11-13 | CVE-2024-10820 | Unspecified vulnerability in Vanquish Woocommerce Upload Files | The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. | network | low | vanquish | | critical | 9.8 |
| 2024-11-13 | CVE-2024-10828 | Unspecified vulnerability in Algolplus Advanced Order Export for Woocommerce | The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. | network | low | algolplus | | critical | 9.8 |
| 2024-11-12 | CVE-2024-28729 | Unspecified vulnerability in Dlink Dwr-2000M Firmware 1.34Me | An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. | network | low | dlink | | critical | 9.8 |