Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2025-01-08 | CVE-2024-56446 | Use of Uninitialized Resource vulnerability in Huawei Harmonyos 5.0.0 | Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability. | network | low complexity | huawei CWE-908 | 7.5 |
| 2025-01-08 | CVE-2024-56447 | Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos | Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | network | low complexity | huawei CWE-276 | 7.5 |
| 2025-01-08 | CVE-2024-56434 | Unspecified vulnerability in Huawei Emui and Harmonyos | UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. | network | low complexity | huawei | 7.5 |
| 2025-01-08 | CVE-2024-56435 | Unspecified vulnerability in Huawei Harmonyos 5.0.0 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | network | low complexity | huawei | 7.5 |
| 2025-01-08 | CVE-2024-56436 | Unspecified vulnerability in Huawei Harmonyos 5.0.0 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | network | low complexity | huawei | 7.5 |
| 2025-01-07 | CVE-2025-0218 | Use of Insufficiently Random Values vulnerability in Pgadmin Pgagent | When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. | local | low complexity | pgadmin CWE-330 | 7.1 |
| 2025-01-07 | CVE-2024-40702 | | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | network | low complexity | CWE-295 | 8.2 |
| 2025-01-07 | CVE-2024-52367 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Concert Software | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | network | low complexity | ibm CWE-497 | 7.5 |
| 2025-01-07 | CVE-2025-22303 | Unspecified vulnerability in Wpmailster WP Mailster | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.17.0. | network | low complexity | wpmailster | 7.5 |
| 2025-01-07 | CVE-2024-12152 | | The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. | network | low complexity | CWE-22 | 7.5 |