Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-54116 Out-of-bounds Read vulnerability in Huawei Harmonyos 5.0.0
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
network
low complexity
huawei CWE-125
7.5
7.5
2024-12-12 CVE-2024-54117 Unspecified vulnerability in Huawei Harmonyos 5.0.0
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
network
low complexity
huawei
7.5
7.5
2024-12-12 CVE-2024-12312 The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie.
network
high complexity
CWE-502
8.1
8.1
2024-12-12 CVE-2024-12040 The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode.
network
low complexity
CWE-98
8.8
8.8
2024-12-12 CVE-2024-12172 The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21.
network
low complexity
CWE-862
7.5
7.5
2024-12-12 CVE-2024-10590 The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07.
network
low complexity
CWE-434
8.8
8.8
2024-12-12 CVE-2024-10910 The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5.
network
low complexity
CWE-94
7.3
7.3
2024-12-12 CVE-2024-10111 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3.
network
high complexity
CWE-287
8.1
8.1
2024-12-12 CVE-2024-11443 The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2.
network
low complexity
CWE-862
8.8
8.8
2024-12-12 CVE-2024-11689 The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29.
network
low complexity
CWE-352
8.8
8.8