Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-16 | CVE-2024-12641 | TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. | 9.6 |
| 2024-12-14 | CVE-2024-11715 | Missing Authorization vulnerability in Wpjobportal WP JOB Portal The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. | 9.8 |
| 2024-12-13 | CVE-2024-55956 | Command Injection vulnerability in Cleo Harmony, Lexicom and Vltrader In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | 9.8 |
| 2024-12-13 | CVE-2022-45806 | Missing Authorization vulnerability in Strategy11 Formidable Forms Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4. | 9.8 |
| 2024-12-13 | CVE-2023-40003 | Missing Authorization vulnerability in Wedevs WP Project Manager Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through 2.6.7. | 9.8 |
| 2024-12-13 | CVE-2023-40005 | Missing Authorization vulnerability in Awesomemotive Easy Digital Downloads Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5. | 9.8 |
| 2024-12-13 | CVE-2024-28980 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Dell Recoverpoint for Virtual Machines 6.0 Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. | 9.8 |
| 2024-12-13 | CVE-2024-38488 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dell Recoverpoint for Virtual Machines 6.0 Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. | 9.8 |
| 2024-12-13 | CVE-2024-48007 | Use of Hard-coded Credentials vulnerability in Dell Recoverpoint for Virtual Machines 6.0 Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. | 9.8 |
| 2024-12-13 | CVE-2024-9290 | The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. | 9.8 |