Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-12-21 CVE-2024-12771 The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43.
network
low complexity
CWE-352
8.8
8.8
2024-12-21 CVE-2024-11977 The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10.
network
low complexity
CWE-94
7.3
7.3
2024-12-20 CVE-2024-56351 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
network
low complexity
jetbrains CWE-613
8.8
8.8
2024-12-20 CVE-2024-56356 XXE vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
network
low complexity
jetbrains CWE-611
7.1
7.1
2024-12-20 CVE-2024-40695 IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
network
low complexity
CWE-434
8.0
8.0
2024-12-20 CVE-2023-42867 Unspecified vulnerability in Apple Garageband
This issue was addressed with improved validation of the process entitlement and Team ID.
local
low complexity
apple
7.8
7.8
2024-12-20 CVE-2024-44195 Unspecified vulnerability in Apple Macos 15.0
A logic issue was addressed with improved validation.
network
low complexity
apple
7.5
7.5
2024-12-20 CVE-2022-32204 Unspecified vulnerability in Huawei Cv81-Wdm Firmware 01.70.49.29.46
There is an improper input verification vulnerability in Huawei printer product.
network
low complexity
huawei
7.5
7.5
2024-12-20 CVE-2022-34159 Unspecified vulnerability in Huawei Cv81-Wdm Firmware 01.70.49.29.46
Huawei printers have an input verification vulnerability.
network
low complexity
huawei
7.5
7.5
2024-12-20 CVE-2024-12829 OS Command Injection vulnerability in Arista NG Firewall 17.1.1
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability.
network
low complexity
arista CWE-78
8.8
8.8