Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-13 CVE-2024-52295 Unspecified vulnerability in Dataease
DataEase is an open source data visualization analysis tool.
network
low complexity
dataease
critical
9.8
2024-11-13 CVE-2024-52300 Cross-site Scripting vulnerability in Xwiki PDF Viewer Macro
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js.
network
low complexity
xwiki CWE-79
critical
9.0
2024-11-13 CVE-2024-52306 Unspecified vulnerability in Backpackforlaravel Filemanager
FileManager provides a Backpack admin interface for files and folders.
network
low complexity
backpackforlaravel
critical
9.8
2024-11-13 CVE-2024-48510 Path Traversal vulnerability in Dotnetzip.Semverd Project Dotnetzip.Semverd 1.11.0
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
network
low complexity
dotnetzip-semverd-project CWE-22
critical
9.8
2024-11-13 CVE-2024-10575 Unspecified vulnerability in Schneider-Electric Ecostruxure IT Gateway
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.
network
low complexity
schneider-electric
critical
9.8
2024-11-13 CVE-2024-21541 Code Injection vulnerability in Matthewmueller Dom-Iterator
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization.
network
low complexity
matthewmueller CWE-94
critical
9.8
2024-11-13 CVE-2024-10820 Unspecified vulnerability in Vanquish Woocommerce Upload Files
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3.
network
low complexity
vanquish
critical
9.8
2024-11-13 CVE-2024-10828 Unspecified vulnerability in Algolplus Advanced Order Export for Woocommerce
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled.
network
low complexity
algolplus
critical
9.8
2024-11-12 CVE-2024-28729 Unspecified vulnerability in Dlink Dwr-2000M Firmware 1.34Me
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.
network
low complexity
dlink
critical
9.8
2024-11-12 CVE-2024-26011 Missing Authentication for Critical Function vulnerability in Fortinet products
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows an attacker to execute unauthorized code or commands via specially crafted packets.
network
low complexity
fortinet CWE-306
critical
9.8