Skip to main content
CVE-2024-9978 MEDIUM This Month

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-12082 MEDIUM This Month

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-49416 MEDIUM This Month

Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Smartthings
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-49412 MEDIUM This Month

Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-51773 MEDIUM This Month

A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS Aruba Clearpass Policy Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-11782 MEDIUM PATCH This Month

The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Mailster
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-11898 MEDIUM PATCH This Month

The Scratch & Win - Giveaways and Contests. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Scratch Win
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-11453 MEDIUM PATCH This Month

The WordPress Pinterest Plugin - Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Gs Pinterest Portfolio
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9058 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Element Pack
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10484 MEDIUM PATCH This Month

The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Spectra
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-25035 MEDIUM This Month

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-11325 MEDIUM This Month

The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
5.2
EPSS
1.0%
CVE-2024-53257 MEDIUM PATCH This Month

Vitess is a database clustering system for horizontal scaling of MySQL. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-9197 MEDIUM This Month

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zyxel Buffer Overflow Denial Of Service Dx3300 T0 Firmware Dx3300 T1 Firmware +34
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-49411 MEDIUM This Month

Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-12062 MEDIUM This Month

The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharity_elementor_template' shortcode due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure WordPress Charity Addon For Elementor Elementor
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-45676 MEDIUM This Month

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-11844 MEDIUM PATCH This Month

The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Ideapush
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-49421 MEDIUM This Month

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Google Quick Share
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-49419 MEDIUM This Month

Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-25036 LOW Monitor

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Authentication Bypass Cognos Controller
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-49417 LOW Monitor

Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smart Touch Call
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-53921 LOW Monitor

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Microsoft Magician
NVD
CVSS 3.1
2.8
EPSS
0.2%
CVE-2024-49414 LOW Monitor

Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy