Skip to main content
CVE-2024-3628 LOW POC Monitor

The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easyevent
NVD WPScan
CVSS 3.1
3.8
EPSS
0.4%
CVE-2024-20872 LOW Monitor

Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-20860 LOW Monitor

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-29210 LOW Monitor

A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass RCE Information Disclosure Privilege Escalation
NVD
CVSS 3.0
2.8
EPSS
0.2%
CVE-2024-20855 LOW Monitor

Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2024-29208 LOW Monitor

An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Brute Force Ubiquiti Information Disclosure
NVD
CVSS 3.0
2.2
EPSS
0.3%
CVE-2024-29206 LOW Monitor

An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Google Ubiquiti
NVD
CVSS 3.0
2.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy