🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼️CVE-2024-20805‼️

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13, allows attackers to write arbitrary files.

Via "National Vulnerability Database"
‼️CVE-2024-20806‼️

Improper access control in Notification service prior to SMR Jan2024 Release 1 allows a local attacker to access notification data.

Via "National Vulnerability Database"
‼️CVE-2024-20807‼️

Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows an attacker to obtain sensitive information.

Via "National Vulnerability Database"
‼️CVE-2024-20808‼️

Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows a local attacker to access data.

Via "National Vulnerability Database"
‼️CVE-2024-20809‼️

Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows a local attacker to access data.

Via "National Vulnerability Database"
‼️CVE-2024-0222‼️

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Via "National Vulnerability Database"
‼️CVE-2024-0223‼️

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Via "National Vulnerability Database"
‼️CVE-2024-0224‼️

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Via "National Vulnerability Database"
‼️CVE-2024-0225‼️

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Via "National Vulnerability Database"
‼️CVE-2023-6498‼️

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multisite installations and installations where unfiltered_html has been disabled.

Via "National Vulnerability Database"
‼️CVE-2023-6733‼️

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.

Via "National Vulnerability Database"
‼️CVE-2023-6738‼️

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7.

Via "National Vulnerability Database"
‼️CVE-2023-29962‼️

SCMS v5.0 was discovered to contain an arbitrary file read vulnerability.

Via "National Vulnerability Database"
‼️CVE-2023-52322‼️

ecrire/public/assembler.php in SPIP before 4.1.3 and 4.2.x before 4.2.7 allows XSS because input from a request is not restricted to safe characters such as alphanumerics.

Via "National Vulnerability Database"
‼️CVE-2023-41784‼️

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro

Via "National Vulnerability Database"
‼️CVE-2023-50082‼️

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control: session leakage allows remote attackers to obtain sensitive information and lets a user avoid logging into the backend management platform.

Via "National Vulnerability Database"
‼️CVE-2023-50630‼️

Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the "click here" function.

Via "National Vulnerability Database"
‼️CVE-2022-2081‼️

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 at a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which, if exploited, eventually causes an internal stack overflow in the HCI Modbus TCP function.

Via "National Vulnerability Database"
‼️CVE-2022-3864‼️

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After the restart the device returns to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and then attempting to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

Via "National Vulnerability Database"
‼️CVE-2023-6944‼️

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.

Via "National Vulnerability Database"
‼️CVE-2023-7044‼️

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Via "National Vulnerability Database"