Skip to main content
CVE-2024-31078 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20870 MEDIUM This Month

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20869 MEDIUM This Month

Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Internet
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20867 MEDIUM This Month

Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Email
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20864 MEDIUM This Month

Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20859 MEDIUM This Month

Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20858 MEDIUM This Month

Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20857 MEDIUM This Month

Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-34341 MEDIUM PATCH This Month

Trix is a rich text editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-33161 MEDIUM This Month

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-33858 MEDIUM This Month

An issue was discovered in Logpoint before 7.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Siem
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-33856 MEDIUM This Month

An issue was discovered in Logpoint before 7.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siem
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-4536 MEDIUM PATCH This Month

In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the. Rated medium severity (CVSS 5.3).

Hashicorp Information Disclosure Edc Connector
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-4584 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-4583 MEDIUM This Month

A vulnerability classified as problematic was found in Faraday GM8181 and GM828x up to 20240429. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-34314 MEDIUM This Month

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Cmseasy
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-20871 MEDIUM This Month

Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung One Ui
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-20821 MEDIUM This Month

A vulnerability possible to reconfigure OTP allows local attackers to transit RMA(Return Merchandise Authorization) mode, which disables security features. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-6810 MEDIUM This Month

The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-28148 MEDIUM PATCH This Month

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-20856 MEDIUM This Month

Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-33748 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.1
EPSS
0.4%
CVE-2024-20872 LOW Monitor

Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-20860 LOW Monitor

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-29210 LOW Monitor

A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass RCE Information Disclosure Privilege Escalation
NVD
CVSS 3.0
2.8
EPSS
0.2%
CVE-2024-20855 LOW Monitor

Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2024-29208 LOW Monitor

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force Ubiquiti Information Disclosure
NVD
CVSS 3.0
2.2
EPSS
0.3%
CVE-2024-29206 LOW Monitor

An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Google Ubiquiti
NVD
CVSS 3.0
2.2
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy