Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-49060 Azure Stack HCI Elevation of Privilege Vulnerability
local
low complexity
CWE-798
8.8
8.8
2024-11-15 CVE-2024-41679 SQL Injection vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-89
8.8
8.8
2024-11-15 CVE-2024-45608 SQL Injection vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-89
8.8
8.8
2024-11-15 CVE-2024-40638 SQL Injection vulnerability in Glpi-Project Glpi
GLPI is a free asset and IT management software package.
network
low complexity
glpi-project CWE-89
8.8
8.8
2024-11-15 CVE-2024-11248 Stack-based Buffer Overflow vulnerability in Tenda Ac10 Firmware 16.03.10.13
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical.
network
low complexity
tenda CWE-121
8.8
8.8
2024-11-15 CVE-2024-39726 XXE vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
8.2
2024-11-15 CVE-2024-44625 Path Traversal vulnerability in Gogs
Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
network
low complexity
gogs CWE-22
8.8
8.8
2024-11-15 CVE-2024-50653 CRMEB <=5.4.0 is vulnerable to Incorrect Access Control.
network
low complexity
 7.5
7.5
2024-11-15 CVE-2024-50654 lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.
network
low complexity
 7.5
7.5
2024-11-15 CVE-2022-20649 A vulnerability in Cisco&nbsp;RCM for Cisco&nbsp;StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges&nbsp;in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services.
network
high complexity
CWE-489
8.1
8.1