Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-17 | CVE-2024-27311 | Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine DDI Central Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | 8.8 |
2024-07-17 | CVE-2024-39877 | Code Injection vulnerability in Apache Airflow Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. | 8.8 |
2024-07-17 | CVE-2024-6467 | Unspecified vulnerability in Reputeinfosystems Bookingpress The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. | 8.8 |
2024-07-17 | CVE-2024-6660 | Missing Authorization vulnerability in Reputeinfosystems Bookingpress The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. | 8.8 |
2024-07-16 | CVE-2024-21136 | Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). network low complexity | 8.6 |
2024-07-16 | CVE-2024-21141 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). local low complexity | 8.2 |
2024-07-16 | CVE-2024-21146 | Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts). network low complexity | 8.1 |
2024-07-16 | CVE-2024-21147 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). network high complexity | 7.4 |
2024-07-16 | CVE-2024-21149 | Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Work Definition Issues). network low complexity | 8.1 |
2024-07-16 | CVE-2024-21152 | Vulnerability in the Oracle Process Manufacturing Financials product of Oracle E-Business Suite (component: Allocation Rules). network low complexity | 8.1 |