Skip to main content

Launcher

3 CVEs product

Monthly

CVE-2024-11872 HIGH This Week

Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Launcher
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2023-27650 CRITICAL POC Act Now

An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Launcher
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-7411 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Google Launcher
NVD
CVSS 3.0
5.4
EPSS
0.9%
EPSS 0% CVSS 7.8
HIGH This Week

Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Launcher
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Launcher
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Google +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy