CVE-2024-27903

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-283
View all →

Vulnerability Description

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

Related Vulnerabilities

CVE-2025-47940

HIGH
CVSS:7.2(High)

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend...

CWE-2832025

CVE-2022-29220

MEDIUM
CVSS:6.5(Medium)

github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit cre...

CWE-2832022

CVE-2021-24500

HIGH
CVSS:8.1(High)

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attac...

CWE-2832021

CVE-2021-24501

HIGH
CVSS:8.1(High)

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting object...

CWE-2832021

CVE-2024-1853

MEDIUM
CVSS:5.5(Medium)

Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers.

CWE-2832024

CVE-2021-24500

HIGH
CVSS:8.1(High)

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attac...

CWE-2832021