Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-17 CVE-2024-12356 Command Injection vulnerability in Beyondtrust Remote Support
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
network
low complexity
beyondtrust CWE-77
critical
9.8
2024-12-16 CVE-2024-10095 Deserialization of Untrusted Data vulnerability in Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.
network
low complexity
telerik CWE-502
critical
9.8
2024-12-16 CVE-2024-54367 Deserialization of Untrusted Data vulnerability in Ultimatemember Forumwp
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0.
network
low complexity
ultimatemember CWE-502
critical
9.8
2024-12-16 CVE-2024-12641 TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability.
network
low complexity
CWE-79
critical
9.6
2024-12-14 CVE-2024-11715 Missing Authorization vulnerability in Wpjobportal WP JOB Portal
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2.
network
low complexity
wpjobportal CWE-862
critical
9.8
2024-12-13 CVE-2024-55956 Command Injection vulnerability in Cleo Lexicom and Vltrader
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
network
low complexity
cleo CWE-77
critical
9.8
2024-12-13 CVE-2024-54139 Cross-site Scripting vulnerability in Combodo Itop
Combodo iTop is an open source and web-based IT service management platform.
network
low complexity
combodo CWE-79
critical
9.6
2024-12-13 CVE-2022-45806 Missing Authorization vulnerability in Strategy11 Formidable Forms
Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4.
network
low complexity
strategy11 CWE-862
critical
9.8
2024-12-13 CVE-2023-22697 Missing Authorization vulnerability in Ays-Pro Survey Maker
Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through 3.2.0.
network
low complexity
ays-pro CWE-862
critical
9.8
2024-12-13 CVE-2023-36681 Missing Authorization vulnerability in Coolplugins Cryptocurrency Widgets
Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2.
network
low complexity
coolplugins CWE-862
critical
9.8