Skip to main content
CVE-2024-11270 HIGH PATCH This Month

The WordPress Webinar Plugin - WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

RCE Authentication Bypass WordPress Webinarpress
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2025-21603 MEDIUM Monitor

Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-56456 MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-56455 MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56454 MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56453 MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-56452 MEDIUM This Month

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-56451 HIGH This Month

Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-56450 MEDIUM This Month

Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-56449 MEDIUM This Month

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-56448 MEDIUM This Month

Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-54121 MEDIUM This Month

Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-12713 MEDIUM PATCH This Month

The SureForms - Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Information Disclosure Sureforms
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-12521 MEDIUM This Month

The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti-embed-ga' shortcode in all versions up to, and including, 1.3.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-12112 MEDIUM This Month

The Easy Form Builder - WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-11916 HIGH PATCH This Month

The The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

RCE Authentication Bypass WordPress Wp Extended
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-11816 HIGH PATCH This Month

The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.1%.

RCE Authentication Bypass WordPress Ultimate Wordpress Toolkit
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2024-56447 HIGH This Month

Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-56446 MEDIUM Monitor

Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2024-56445 MEDIUM Monitor

Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-56444 HIGH This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-56443 MEDIUM This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56442 MEDIUM This Month

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-56441 MEDIUM Monitor

Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 4.1). No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2024-56440 MEDIUM This Month

Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56439 HIGH This Month

Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-56438 MEDIUM This Month

Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-56437 MEDIUM This Month

Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2024-54120 MEDIUM Monitor

Race condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated medium severity (CVSS 4.1). No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2024-47934 MEDIUM This Month

Improper Input Validation vulnerability in Management Program in TXOne Networks Portable Inspector and Portable Inspector Pro Edition allows remote attacker to crash management service. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-47239 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-56436 MEDIUM This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-56435 MEDIUM This Month

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-56434 MEDIUM Monitor

UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. Rated medium severity (CVSS 4.4). No vendor patch available.

Memory Corruption Use After Free Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.1%

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-40679 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2 Windows
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy