Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-17 | CVE-2024-12356 | Command Injection vulnerability in Beyondtrust Remote Support A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | 9.8 |
| 2024-12-16 | CVE-2024-10095 | Deserialization of Untrusted Data vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. | 9.8 |
| 2024-12-16 | CVE-2024-54367 | Deserialization of Untrusted Data vulnerability in Ultimatemember Forumwp Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0. | 9.8 |
| 2024-12-16 | CVE-2024-12641 | TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. | 9.6 |
| 2024-12-14 | CVE-2024-11715 | Missing Authorization vulnerability in Wpjobportal WP JOB Portal The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. | 9.8 |
| 2024-12-13 | CVE-2024-55956 | Command Injection vulnerability in Cleo Lexicom and Vltrader In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | 9.8 |
| 2024-12-13 | CVE-2024-54139 | Cross-site Scripting vulnerability in Combodo Itop Combodo iTop is an open source and web-based IT service management platform. | 9.6 |
| 2024-12-13 | CVE-2022-45806 | Missing Authorization vulnerability in Strategy11 Formidable Forms Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4. | 9.8 |
| 2024-12-13 | CVE-2023-22697 | Missing Authorization vulnerability in Ays-Pro Survey Maker Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through 3.2.0. | 9.8 |
| 2024-12-13 | CVE-2023-36681 | Missing Authorization vulnerability in Coolplugins Cryptocurrency Widgets Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2. | 9.8 |