Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-13 | CVE-2024-11150 | Path Traversal vulnerability in Vanquish User Extra Fields: The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. | 9.8 |
2024-11-13 | CVE-2024-21541 | Code Injection vulnerability in Matthewmueller Dom-Iterator: All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. | 9.8 |
2024-11-13 | CVE-2024-10820 | Unrestricted Upload of File with Dangerous Type vulnerability in Vanquish Woocommerce Upload Files: The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. | 9.8 |
2024-11-13 | CVE-2024-10828 | Deserialization of Untrusted Data vulnerability in Algolplus Advanced Order Export for Woocommerce: The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. | 9.8 |
2024-11-12 | CVE-2024-43498 | Unspecified vulnerability in Microsoft .Net and Visual Studio 2022: .NET and Visual Studio Remote Code Execution Vulnerability | 9.8 |
2024-11-12 | CVE-2024-43602 | Unspecified vulnerability in Microsoft Azure Cyclecloud: Azure CycleCloud Remote Code Execution Vulnerability | 9.9 |
2024-11-12 | CVE-2024-43639 | Unspecified vulnerability in Microsoft products: Windows KDC Proxy Remote Code Execution Vulnerability | 9.8 |
2024-11-12 | CVE-2024-44102 | Deserialization of Untrusted Data vulnerability in Siemens Telecontrol Server Basic 3.1: A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). | 10.0 |
2024-11-12 | CVE-2024-46888 | Path Traversal vulnerability in Siemens Sinec INS 1.0: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). | 9.9 |
2024-11-12 | CVE-2024-46890 | OS Command Injection vulnerability in Siemens Sinec INS 1.0: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). | 9.1 |