Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-11 | CVE-2024-10251 | Incorrect Default Permissions vulnerability in Ivanti Security Controls Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-11597 | Incorrect Default Permissions vulnerability in Ivanti Performance Manager 2023.3/2024.1/2024.3 Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-11598 | Incorrect Default Permissions vulnerability in Ivanti Application Control 2023.3/2024.1/2024.3 Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-47760 | Unspecified vulnerability in Glpi-Project Glpi GLPI is a free asset and IT management software package. | 8.8 |
| 2024-12-11 | CVE-2024-47761 | Improper Authentication vulnerability in Glpi-Project Glpi GLPI is a free asset and IT management software package. | 7.2 |
| 2024-12-11 | CVE-2024-48912 | Unspecified vulnerability in Glpi-Project Glpi GLPI is a free asset and IT management software package. | 8.1 |
| 2024-12-11 | CVE-2024-8496 | Incorrect Default Permissions vulnerability in Ivanti Workspace Control Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-9845 | Incorrect Default Permissions vulnerability in Ivanti Automation Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. | 7.8 |
| 2024-12-11 | CVE-2024-47758 | Unspecified vulnerability in Glpi-Project Glpi GLPI is a free asset and IT management software package. | 8.8 |
| 2024-12-11 | CVE-2024-11840 | The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. | 7.1 |