The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.
An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.