Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2024-12-20 | CVE-2024-40695 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | network, low complexity, CWE-434, 8.0 |
| 2024-12-19 | CVE-2024-25131 | A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. | network, low complexity, CWE-20, 8.8 |
| 2024-12-19 | CVE-2024-11740 | The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. | network, low complexity, CWE-94, 7.3 |
| 2024-12-19 | CVE-2024-35141 | IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. | local, low complexity, CWE-250, 7.8 |
| 2024-12-19 | CVE-2022-44512 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | local, low complexity, CWE-787, 7.8 |
| 2024-12-19 | CVE-2022-44513 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | local, low complexity, CWE-787, 7.8 |
| 2024-12-19 | CVE-2022-44514 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. | local, low complexity, CWE-416, 7.8 |
| 2024-12-19 | CVE-2022-44518 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. | local, low complexity, CWE-416, 7.8 |
| 2024-12-19 | CVE-2022-44520 | Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. | local, low complexity, CWE-416, 7.8 |
| 2024-12-18 | CVE-2024-39804 | A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. | local, low complexity, CWE-347, 7.1 |