Skip to main content
CVE-2024-23713 HIGH PATCH This Week

In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23710 HIGH PATCH This Week

In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23708 HIGH PATCH This Week

In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23707 HIGH PATCH This Week

In multiple locations, there is a possible permissions bypass due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23706 HIGH PATCH This Week

In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23705 HIGH PATCH This Week

In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23704 HIGH PATCH This Week

In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0043 HIGH PATCH This Week

In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0042 HIGH This Week

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0025 HIGH PATCH This Week

In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0024 HIGH PATCH This Week

In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-3759 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-3758 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27217 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23808 HIGH This Week

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service RCE Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-3628 LOW POC Monitor

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easyevent
NVD WPScan
CVSS 3.1
3.8
EPSS
0.4%
CVE-2024-29207 HIGH This Week

An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Ubiquiti
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2024-33139 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-34084 HIGH PATCH This Week

Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-4538 HIGH This Week

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-4537 HIGH This Week

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-4599 HIGH This Week

Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-29149 HIGH This Week

An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-33148 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-4582 HIGH This Week

A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
CVSS 3.1
7.3
EPSS
1.4%
CVE-2024-4030 HIGH This Week

On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Python Microsoft
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-34342 HIGH PATCH This Week

react-pdf displays PDFs in React apps. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.1
EPSS
1.1%
CVE-2024-4600 HIGH This Week

Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-20868 HIGH This Week

Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Notes
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-20865 MEDIUM This Month

Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-4601 MEDIUM This Month

An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20863 MEDIUM This Month

Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20862 MEDIUM This Month

Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20861 MEDIUM This Month

Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20866 MEDIUM This Month

Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-23551 MEDIUM This Month

Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-23709 MEDIUM PATCH This Month

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Information Disclosure Memory Corruption Android
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-34517 MEDIUM PATCH This Month

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Neo4j
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-33860 MEDIUM This Month

An issue was discovered in Logpoint before 7.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siem
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4596 MEDIUM PATCH This Month

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kimai
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-31456 MEDIUM PATCH This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
59.1%
CVE-2023-31234 MEDIUM This Month

Missing Authorization vulnerability in Tilda Publishing.3.23. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-33122 MEDIUM This Month

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Roothub
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-33859 MEDIUM This Month

An issue was discovered in Logpoint before 7.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siem
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-29209 MEDIUM This Month

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Microsoft
NVD
CVSS 3.0
6.0
EPSS
0.4%
CVE-2024-23712 MEDIUM PATCH This Month

In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0027 MEDIUM PATCH This Month

In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0026 MEDIUM PATCH This Month

In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0022 MEDIUM PATCH This Month

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-3757 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy