Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-13 CVE-2024-43088 Missing Authorization vulnerability in Google Android
In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check.
local
low complexity
google CWE-862
7.8
2024-11-13 CVE-2024-43089 Missing Authorization vulnerability in Google Android
In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check.
local
low complexity
google CWE-862
7.8
2024-11-13 CVE-2024-43093 Unspecified vulnerability in Google Android
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization.
local
low complexity
google
7.8
2024-11-13 CVE-2024-52291 Unspecified vulnerability in Craftcms Craft CMS
Craft is a content management system (CMS).
network
low complexity
craftcms
7.2
2024-11-13 CVE-2024-10012 Unspecified vulnerability in Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.
local
low complexity
telerik
7.8
2024-11-13 CVE-2024-10013 Unspecified vulnerability in Telerik UI for Winforms
In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.
local
low complexity
telerik
7.8
2024-11-13 CVE-2024-50970 SQL Injection vulnerability in Nikoarroyocuraza Online Furniture Shopping Project 1.0
A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
nikoarroyocuraza CWE-89
8.8
2024-11-13 CVE-2024-50971 SQL Injection vulnerability in Angeljudesuarez Construction Management System 1.0
A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter.
network
low complexity
angeljudesuarez CWE-89
7.2
2024-11-13 CVE-2024-50972 SQL Injection vulnerability in Angeljudesuarez Construction Management System 1.0
A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter.
network
low complexity
angeljudesuarez CWE-89
7.2
2024-11-13 CVE-2024-52293 Unspecified vulnerability in Craftcms Craft CMS
Craft is a content management system (CMS).
network
low complexity
craftcms
7.2