Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-18 | CVE-2024-48962 | Code Injection vulnerability in Apache Ofbiz Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. | 8.8 |
| 2024-11-18 | CVE-2024-49574 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. | 8.8 |
| 2024-11-18 | CVE-2024-22067 | Unspecified vulnerability in ZTE Nh8091 Firmware Znh8091V1.8 ZTE NH8091 product has an improper permission control vulnerability. | 8.8 |
| 2024-11-17 | CVE-2020-25720 | A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. | 7.5 |
| 2024-11-17 | CVE-2024-0793 | A flaw was found in kube-controller-manager. | 7.7 |
| 2024-11-15 | CVE-2024-11262 | Out-of-bounds Write vulnerability in Razormist Student Record Management System 1.0 A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical. | 7.8 |
| 2024-11-15 | CVE-2024-11263 | Unspecified vulnerability in Zephyrproject Zephyr When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols. | 8.4 |
| 2024-11-15 | CVE-2017-13310 | Incorrect Default Permissions vulnerability in Google Android In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. | 7.8 |
| 2024-11-15 | CVE-2017-13312 | Unspecified vulnerability in Google Android 8.0 In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. | 7.8 |
| 2024-11-15 | CVE-2017-13314 | Missing Authorization vulnerability in Google Android In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. | 7.8 |