Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-14 | CVE-2024-11209 | Improper Authentication vulnerability in Apereo Central Authentication Service 6.6.0 A vulnerability was found in Apereo CAS 6.6. | 9.8 |
2024-11-13 | CVE-2024-43091 | Integer Overflow or Wraparound vulnerability in Google Android In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. | 9.8 |
2024-11-13 | CVE-2024-52300 | Cross-site Scripting vulnerability in Xwiki PDF Viewer Macro macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. | 9.0 |
2024-11-13 | CVE-2024-52306 | Unspecified vulnerability in Backpackforlaravel Filemanager FileManager provides a Backpack admin interface for files and folder. | 9.8 |
2024-11-13 | CVE-2024-48510 | Path Traversal vulnerability in Dotnetzip.Semverd Project Dotnetzip.Semverd 1.11.0 Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 9.8 |
2024-11-13 | CVE-2024-10575 | Unspecified vulnerability in Schneider-Electric Ecostruxure IT Gateway CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. | 9.8 |
2024-11-13 | CVE-2024-21541 | Code Injection vulnerability in Matthewmueller Dom-Iterator All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. | 9.8 |
2024-11-13 | CVE-2024-10820 | Unspecified vulnerability in Vanquish Woocommerce Upload Files The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. | 9.8 |
2024-11-13 | CVE-2024-10828 | Unspecified vulnerability in Algolplus Advanced Order Export for Woocommerce The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. | 9.8 |
2024-11-12 | CVE-2024-28729 | Unspecified vulnerability in Dlink Dwr-2000M Firmware 1.34Me An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. | 9.8 |