Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-09 | CVE-2024-50262 | Out-of-bounds Write vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key(). trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves. | 7.8 |
2024-11-09 | CVE-2024-10626 | The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7. | 8.8 |
2024-11-09 | CVE-2024-10673 | The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. | 8.8 |
2024-11-09 | CVE-2024-10674 | The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. | 8.8 |
2024-11-08 | CVE-2024-52002 | Cross-Site Request Forgery (CSRF) vulnerability in Combodo Itop. Combodo iTop is a simple, web-based IT Service Management tool. | 8.8 |
2024-11-08 | CVE-2024-11026 | Use of Hard-coded Credentials vulnerability in Free-Now Freenow 12.10.0. A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. | 7.4 |
2024-11-08 | CVE-2024-51152 | Unrestricted Upload of File with Dangerous Type vulnerability in Alexstack Laravel CMS. File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php component. | 7.2 |
2024-11-08 | CVE-2024-25431 | Out-of-bounds Read vulnerability in Bytecodealliance Webassembly Micro Runtime. An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. | 7.8 |
2024-11-08 | CVE-2024-45763 | OS Command Injection vulnerability in Dell Enterprise Sonic Distribution. Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. | 7.2 |
2024-11-08 | CVE-2024-50634 | Unspecified vulnerability in Sbond Watcharr. A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. | 8.8 |