Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-15 CVE-2023-49566 Deserialization of Untrusted Data vulnerability in Apache Linkis
In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker can configure malicious db2 parameters in the DataSource Manager Module, resulting in JNDI injection.
network
low complexity
apache CWE-502
8.8
2024-07-15 CVE-2024-23794 Unspecified vulnerability in OTRS
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation.
network
high complexity
otrs
7.5
2024-07-15 CVE-2024-5630 Unrestricted Upload of File with Dangerous Type vulnerability in Elearningfreak Insert or Embed Articulate Content
The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.
network
low complexity
elearningfreak CWE-434
8.8
2024-07-15 CVE-2024-6075 Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq WP Estore
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.
network
low complexity
tipsandtricks-hq CWE-352
8.8
2024-07-15 CVE-2024-21513 Unspecified vulnerability in Langchain Langchain-Experimental
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution: when retrieving values from the database, the code will attempt to call 'eval' on all values.
network
high complexity
langchain
8.5
2024-07-15 CVE-2024-6737 Unspecified vulnerability in Electronic Official Document Management System Project Electronic Official Document Management System
The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account settings functionality and create an administrator account.
8.8
2024-07-15 CVE-2024-39731 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Datacap
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2024-07-12 CVE-2024-5902
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping.
network
low complexity
7.2
2024-07-12 CVE-2024-40518 Unspecified vulnerability in SeaCMS 12.9
SeaCMS 12.9 has a remote code execution vulnerability.
network
low complexity
seacms
8.8
2024-07-12 CVE-2024-40519 Unspecified vulnerability in SeaCMS 12.9
SeaCMS 12.9 has a remote code execution vulnerability.
network
low complexity
seacms
8.8