Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-13 | CVE-2024-43088 | Missing Authorization vulnerability in Google Android In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. | 7.8 |
2024-11-13 | CVE-2024-43089 | Missing Authorization vulnerability in Google Android In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. | 7.8 |
2024-11-13 | CVE-2024-43093 | Unspecified vulnerability in Google Android In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. | 7.8 |
2024-11-13 | CVE-2024-52291 | Unspecified vulnerability in Craftcms Craft CMS Craft is a content management system (CMS). | 7.2 |
2024-11-13 | CVE-2024-10012 | Unspecified vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability. | 7.8 |
2024-11-13 | CVE-2024-10013 | Unspecified vulnerability in Telerik UI for Winforms In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. | 7.8 |
2024-11-13 | CVE-2024-50970 | SQL Injection vulnerability in Nikoarroyocuraza Online Furniture Shopping Project 1.0 A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 8.8 |
2024-11-13 | CVE-2024-50971 | SQL Injection vulnerability in Angeljudesuarez Construction Management System 1.0 A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter. | 7.2 |
2024-11-13 | CVE-2024-50972 | SQL Injection vulnerability in Angeljudesuarez Construction Management System 1.0 A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter. | 7.2 |
2024-11-13 | CVE-2024-52293 | Unspecified vulnerability in Craftcms Craft CMS Craft is a content management system (CMS). | 7.2 |