Latest High and Critical Severity CVE Feed

CVE Feed

  • CVE ID: CVE-2024-46873
    Published: Dec. 23, 2024, 1:15 a.m. | 9 hours, 46 minutes ago
    Description: Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker.
    Severity: 9.8 | CRITICAL
  • CVE ID: CVE-2024-12771
    Published: Dec. 21, 2024, 7:15 a.m. | 2 days, 3 hours ago
    Description: The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This […]
  • CVE ID: CVE-2024-12066
    Published: Dec. 21, 2024, 7:15 a.m. | 2 days, 3 hours ago
    Description: The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with […]
  • CVE ID: CVE-2024-11349
    Published: Dec. 21, 2024, 5:15 a.m. | 2 days, 5 hours ago
    Description: The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. […]
  • CVE ID: CVE-2023-31279
    Published: Dec. 21, 2024, 12:15 a.m. | 2 days, 10 hours ago
    Description: The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This could enable an […]
  • CVE ID: CVE-2024-56357
    Published: Dec. 20, 2024, 9:15 p.m. | 2 days, 13 hours ago
    Description: grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the `javascript:` scheme with custom widget URLs and form redirect […]
  • CVE ID: CVE-2024-56358
    Published: Dec. 20, 2024, 9:15 p.m. | 2 days, 13 hours ago
    Description: grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This […]
  • CVE ID: CVE-2024-56359
    Published: Dec. 20, 2024, 9:15 p.m. | 2 days, 13 hours ago
    Description: grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could […]
  • CVE ID: CVE-2024-37758
    Published: Dec. 20, 2024, 7:15 p.m. | 2 days, 15 hours ago
    Description: Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges.
    Severity: 8.8 | HIGH
  • CVE ID: CVE-2024-40695
    Published: Dec. 20, 2024, 2:15 p.m. | 2 days, 20 hours ago
    Description: IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness […]