Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-13 | CVE-2024-52293 | Path Traversal vulnerability in Craftcms Craft CMS. Craft is a content management system (CMS). | 7.2 |
2024-11-13 | CVE-2024-52298 | Unspecified vulnerability in Xwiki PDF Viewer Macro. macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. | 7.5 |
2024-11-13 | CVE-2024-52299 | Unspecified vulnerability in Xwiki PDF Viewer Macro. macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. | 7.5 |
2024-11-13 | CVE-2024-50852 | Command Injection vulnerability in Tendacn G3 Firmware 15.11.0.20. Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function. | 8.8 |
2024-11-13 | CVE-2024-50853 | Command Injection vulnerability in Tendacn G3 Firmware 15.11.0.20. Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function. | 8.8 |
2024-11-13 | CVE-2024-50854 | Out-of-bounds Write vulnerability in Tendacn G3 Firmware 15.11.0.20. Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function. | 8.8 |
2024-11-13 | CVE-2024-10800 | Missing Authorization vulnerability in Vanquish User Extra Fields. The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. | 8.8 |
2024-11-13 | CVE-2024-9409 | Resource Exhaustion vulnerability in Schneider-Electric products. CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. | 7.5 |
2024-11-13 | CVE-2024-10174 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key. | 7.3 |
2024-11-13 | CVE-2024-10816 | The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. | 7.5 |