Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-04 | CVE-2024-54154 | Path Traversal vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | 9.8 |
2024-12-03 | CVE-2024-25020 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. | 9.8 |
2024-12-03 | CVE-2024-25019 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. | 9.8 |
2024-12-03 | CVE-2024-40691 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | 9.8 |
2024-12-03 | CVE-2024-49415 | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0 Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. | 9.8 |
2024-12-02 | CVE-2018-9418 | Out-of-bounds Write vulnerability in Google Android In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. | 9.8 |
2024-12-02 | CVE-2018-9430 | Out-of-bounds Write vulnerability in Google Android In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. | 9.8 |
2024-12-02 | CVE-2024-46909 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | 9.8 |
2024-12-01 | CVE-2024-12007 | SQL Injection vulnerability in Code-Projects Farmacia 1.0 A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. | 9.8 |
2024-11-30 | CVE-2024-53739 | Use of Incorrectly-Resolved Name or Reference vulnerability in Coolplugins Cryptocurrency Widgets for Elementor Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4. | 9.8 |