Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-50853 | Command Injection vulnerability in Tendacn G3 Firmware 15.11.0.20 Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function. | 8.8 |
| 2024-11-13 | CVE-2024-50854 | Out-of-bounds Write vulnerability in Tendacn G3 Firmware 15.11.0.20 Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function. | 8.8 |
| 2024-11-13 | CVE-2024-10800 | Missing Authorization vulnerability in Vanquish User Extra Fields The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. | 8.8 |
| 2024-11-13 | CVE-2024-9409 | Resource Exhaustion vulnerability in Schneider-Electric products CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. | 7.5 |
| 2024-11-13 | CVE-2024-10174 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key. | 7.3 |
| 2024-11-13 | CVE-2024-10816 | The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. network low complexity | 7.5 |
| 2024-11-13 | CVE-2024-10629 | The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. | 8.8 |
| 2024-11-13 | CVE-2024-37398 | Unspecified vulnerability in Ivanti Secure Access Client Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-11-12 | CVE-2024-49507 | Out-of-bounds Write vulnerability in Adobe Indesign InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2024-11-12 | CVE-2024-49508 | Out-of-bounds Write vulnerability in Adobe Indesign InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |