Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-14 | CVE-2024-11212 | SQL Injection vulnerability in Mayurik Best Employee Management System 1.0: A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. | 8.8 |
2024-11-14 | CVE-2024-10962 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. | 8.8 |
2024-11-14 | CVE-2024-11208 | Insufficient Session Expiration vulnerability in Apereo Central Authentication Service 6.6.0: A vulnerability was found in Apereo CAS 6.6 and classified as problematic. | 8.1 |
2024-11-14 | CVE-2022-31668 | Incorrect Authorization vulnerability in Linuxfoundation Harbor: Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects. | 7.7 |
2024-11-14 | CVE-2022-31669 | Incorrect Authorization vulnerability in Linuxfoundation Harbor: Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects. | 7.7 |
2024-11-14 | CVE-2022-31670 | Incorrect Authorization vulnerability in Linuxfoundation Harbor: Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects. | 7.7 |
2024-11-14 | CVE-2022-31671 | Incorrect Authorization vulnerability in Linuxfoundation Harbor: Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. | 7.4 |
2024-11-14 | CVE-2024-45670 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Soar: IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. | 8.1 |
2024-11-13 | CVE-2023-35659 | Unspecified vulnerability in Google Android: In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. | 7.8 |
2024-11-13 | CVE-2023-35686 | Unspecified vulnerability in Google Android: In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. | 7.8 |