Vulnerabilities > High

| Date | CVE | Vulnerability title | Attack vector | Complexity | Vendor / CWE | Score |
|---|---|---|---|---|---|---|
| 2024-11-18 | CVE-2024-11310 | Path Traversal vulnerability in Trcore DVC. The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | network | low | trcore, CWE-22 | 7.5 |
| 2024-11-17 | CVE-2020-25720 | A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. | network | high | CWE-264 | 7.5 |
| 2024-11-17 | CVE-2023-4639 | A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. | network | high | CWE-444 | 7.4 |
| 2024-11-17 | CVE-2024-0793 | A flaw was found in kube-controller-manager. | network | low | CWE-20 | 7.7 |
| 2024-11-16 | CVE-2024-10645 | The Blogger 301 Redirect plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘br’ parameter in all versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low | CWE-89 | 7.5 |
| 2024-11-16 | CVE-2024-10728 | The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. | network | low | CWE-862 | 8.8 |
| 2024-11-16 | CVE-2024-9192 | The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. | network | low | CWE-269 | 8.8 |
| 2024-11-16 | CVE-2024-9839 | The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. | network | low | CWE-94 | 7.3 |
| 2024-11-16 | CVE-2024-9849 | The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. | network | low | | 8.8 |
| 2024-11-16 | CVE-2024-9935 | The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. | network | low | CWE-22 | 7.5 |