Skip to main content

Google

13979 CVEs vendor

Monthly

CVE-2024-53160 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-12034 MEDIUM This Month

The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-12571 CRITICAL Act Now

The Store Locator for WordPress with Google Maps - LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google PHP WordPress RCE LFI +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-12695 HIGH This Week

Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-12692 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2024-54125 LOW Monitor

Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.0
3.3
EPSS
0.2%
CVE-2024-11358 MEDIUM This Month

Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Google Mattermost Mobile
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-56011 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov Responsive Google Maps | by imbaa responsive-google-maps allows Stored XSS.2.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54399 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button crudlab-google-plus allows Stored XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Google
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-54317 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories web-stories allows Stored XSS.37.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-41689 MEDIUM This Month

Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) post-to-google-my-business allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-12420 MEDIUM This Month

The The WPMobile.App - Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress Code Injection RCE Apple
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-12042 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress Apple XSS File Upload +1
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-12072 MEDIUM This Month

The Analytics Cat - Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS WordPress
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2024-11015 CRITICAL Act Now

The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Google
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-55884 CRITICAL Act Now

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable(). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Google RCE Memory Corruption
NVD GitHub
CVSS 3.1
9.0
EPSS
1.3%
CVE-2024-49057 HIGH This Week

Microsoft Defender for Endpoint on Android Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Defender For Endpoint
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2024-12382 HIGH This Week

Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2024-12381 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-12236 MEDIUM This Month

A security issue exists in Vertex Gemini API for customers using VPC-SC. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Vertex Gemini Api
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2023-50375 MEDIUM This Month

Missing Authorization vulnerability in edo888 Google Language Translator google-language-translator allows Exploiting Incorrectly Configured Access Control Security Levels.0.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-32117 CRITICAL POC THREAT Emergency

Missing authorization in the Integrate Google Drive WordPress plugin (versions up to and including 1.1.99) lets unauthenticated remote attackers bypass access control checks to reach functionality that should be restricted. EPSS is exceptionally high at 88.16% (99th percentile), indicating strong exploitation likelihood, though no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Google Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
88.2%
Threat
6.1
CVE-2023-23986 MEDIUM This Month

Missing Authorization vulnerability in Noah Hearle Reviews and Rating - Google My Business g-business-reviews-rating allows Exploiting Incorrectly Configured Access Control Security Levels.14. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-23887 MEDIUM This Month

Missing Authorization vulnerability in Shahjada Easy Google Analytics for WordPress easy-google-analytics-for-wordpress allows Exploiting Incorrectly Configured Access Control Security Levels.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-49041 MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2024-52271 HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
CVSS 4.0
8.2
EPSS
0.2%
CVE-2024-52270 HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 4.0
8.2
EPSS
0.2%
CVE-2024-54014 LOW Monitor

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application. Rated low severity (CVSS 3.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google
NVD
CVSS 3.0
3.6
EPSS
0.2%
CVE-2024-37575 HIGH This Week

The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-37574 HIGH This Week

The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-10576 CRITICAL Act Now

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2024-52277 HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
CVSS 4.0
8.2
EPSS
0.2%
CVE-2024-52276 HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-12053 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-49421 MEDIUM This Month

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Google Quick Share
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-53723 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in acbaltaci Google Plus Share and +1 Button google-plus-share-and-plusone-button allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Google
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-53123 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53105 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Syzbot reported a bad page state problem caused by a page. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53701 LOW Monitor

Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Google
NVD
CVSS 3.0
3.1
EPSS
0.2%
CVE-2024-11203 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Google Embedpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-53264 Go MEDIUM PATCH This Month

bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Google
NVD GitHub
CVSS 4.0
5.1
EPSS
0.8%
CVE-2024-7025 HIGH POC This Week

Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-11703 MEDIUM This Month

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-11702 HIGH This Week

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-53268 HIGH POC This Week

Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Code Injection RCE Apple +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-9511 CRITICAL Act Now

The FluentSMTP - WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Deserialization WordPress PHP Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-50657 MEDIUM This Month

An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-49054 MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-52309 Go MEDIUM PATCH This Month

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft
NVD GitHub
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-11388 MEDIUM This Month

The Dino Game - Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS WordPress Dino Game Chrome
NVD
CVSS 3.1
6.4
EPSS
9.1%
CVE-2024-52447 HIGH This Week

Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal.6.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-10382 HIGH This Week

There exists a code execution vulnerability in the Car App Android Jetpack Library. Rated high severity (CVSS 7.3). No vendor patch available.

Deserialization RCE Java Google Androidx Car App
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-11179 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Google Apple Mstore Api
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-52614 MEDIUM This Month

Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.0
4.0
EPSS
0.2%
CVE-2024-11395 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-51862 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Wicht Google Visualization Charts google-visualization-charts allows Stored XSS.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-50293 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create() Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-50275 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state. Rated high severity (CVSS 7.0).

Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-10486 MEDIUM POC This Month

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress PHP Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-11217 MEDIUM This Month

A vulnerability was found in the OAuth-server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Gitlab
NVD VulDB
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-49025 MEDIUM This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-9059 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Google Royal Elementor Addons
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-11117 MEDIUM This Month

Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-11116 MEDIUM This Month

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-11115 HIGH This Week

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple XSS Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-11114 HIGH This Week

Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google Microsoft Chrome
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-11113 HIGH This Week

Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-11112 HIGH This Week

Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-11111 MEDIUM POC This Month

Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-11110 MEDIUM This Month

Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-46966 HIGH This Week

The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-46964 HIGH This Week

The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-46963 HIGH This Week

The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-46962 CRITICAL Act Now

The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-46965 MEDIUM This Month

The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-51882 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopalkumar315 Gboy Custom Google Map gboy-custom-google-map allows Blind SQL Injection.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Google
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-50256 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-11026 MEDIUM POC This Month

A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Java Google Freenow
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.6%
CVE-2024-40240 MEDIUM This Month

An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Homeserve
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-40239 MEDIUM This Month

An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Life
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-50175 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove use_count guard in stop_streaming The use_count check was introduced so that multiple concurrent Raw. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-10621 MEDIUM This Month

The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Google
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-46961 HIGH This Week

The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-46960 HIGH This Week

The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-36064 MEDIUM This Month

The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application (with no permissions) to place phone calls without user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Google
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-36063 HIGH This Week

The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-36062 MEDIUM This Month

The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
CVSS 3.1
4.0
EPSS
0.2%
CVE-2024-10668 MEDIUM PATCH This Month

There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. Rated medium severity (CVSS 5.9). This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Authentication Bypass Microsoft Google File Upload Quick Share
NVD GitHub
CVSS 4.0
5.9
EPSS
0.4%
CVE-2024-50155 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netdevsim: use cond_resched() in nsim_dev_trap_report_work() I am still seeing many syzbot reports hinting that syzbot might fool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-10826 HIGH This Week

Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Google +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Google Information Disclosure
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Store Locator for WordPress with Google Maps - LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google PHP WordPress +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE +2
NVD
EPSS 6% CVSS 8.8
HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Google +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov Responsive Google Maps | by imbaa responsive-google-maps allows Stored XSS.2.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button crudlab-google-plus allows Stored XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Google
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories web-stories allows Stored XSS.37.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) post-to-google-my-business allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The The WPMobile.App - Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress Code Injection +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress Apple +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The Analytics Cat - Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS WordPress
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Google
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable(). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Google RCE +1
NVD GitHub
EPSS 2% CVSS 8.1
HIGH This Week

Microsoft Defender for Endpoint on Android Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft +1
NVD
EPSS 4% CVSS 8.8
HIGH This Week

Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +2
NVD
EPSS 4% CVSS 8.8
HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A security issue exists in Vertex Gemini API for customers using VPC-SC. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Vertex Gemini Api
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing Authorization vulnerability in edo888 Google Language Translator google-language-translator allows Exploiting Incorrectly Configured Access Control Security Levels.0.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
EPSS 88% 6.1 CVSS 9.8
CRITICAL POC THREAT Emergency

Missing authorization in the Integrate Google Drive WordPress plugin (versions up to and including 1.1.99) lets unauthenticated remote attackers bypass access control checks to reach functionality that should be restricted. EPSS is exceptionally high at 88.16% (99th percentile), indicating strong exploitation likelihood, though no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Google Authentication Bypass
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing Authorization vulnerability in Noah Hearle Reviews and Rating - Google My Business g-business-reviews-rating allows Exploiting Incorrectly Configured Access Control Security Levels.14. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing Authorization vulnerability in Shahjada Easy Google Analytics for WordPress easy-google-analytics-for-wordpress allows Exploiting Incorrectly Configured Access Control Security Levels.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress Authentication Bypass
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
EPSS 0% CVSS 3.6
LOW Monitor

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application. Rated low severity (CVSS 3.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL Act Now

Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
EPSS 0% CVSS 8.2
HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Google Quick Share
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in acbaltaci Google Plus Share and +1 Button google-plus-share-and-plusone-button allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Google
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Google +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Syzbot reported a bad page state problem caused by a page. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Google Linux +1
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Google
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The EmbedPress - Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Google +1
NVD GitHub
EPSS 1% CVSS 5.1
MEDIUM PATCH This Month

bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Google
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Chrome
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Code Injection +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The FluentSMTP - WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Deserialization WordPress +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft +1
NVD
EPSS 1% CVSS 5.1
MEDIUM PATCH This Month

SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft
NVD GitHub
EPSS 9% CVSS 6.4
MEDIUM This Month

The Dino Game - Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS WordPress +2
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal.6.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Path Traversal
NVD
EPSS 0% CVSS 7.3
HIGH This Week

There exists a code execution vulnerability in the Car App Android Jetpack Library. Rated high severity (CVSS 7.3). No vendor patch available.

Deserialization RCE Java +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Google +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Wicht Google Visualization Charts google-visualization-charts allows Stored XSS.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create() Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state. Rated high severity (CVSS 7.0).

Information Disclosure Google Linux +1
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress PHP +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A vulnerability was found in the OAuth-server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Gitlab
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Google +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple XSS +2
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google Microsoft +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Microsoft +3
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome
NVD
EPSS 0% CVSS 8.1
HIGH This Week

The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopalkumar315 Gboy Custom Google Map gboy-custom-google-map allows Blind SQL Injection.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Google
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Linux +1
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Java Google +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Homeserve
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Life
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove use_count guard in stop_streaming The use_count check was introduced so that multiple concurrent Raw. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Google
NVD
EPSS 0% CVSS 8.1
HIGH This Week

The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application (with no permissions) to place phone calls without user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Google
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM This Month

The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. Rated medium severity (CVSS 5.9). This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Authentication Bypass Microsoft Google +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netdevsim: use cond_resched() in nsim_dev_trap_report_work() I am still seeing many syzbot reports hinting that syzbot might fool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Google Linux +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +2
NVD
Prev Page 39 of 156 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy