6.1

CVSS3.1

CVE-2024-3867 - Tainacan Interface <= 2.7.2 - Reflected Cross-Site Scripting

The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if…

πŸ“… Published: April 16, 2024, 9:32 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

3.1

CVSS3.1

CVE-2024-3872 -

Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.

πŸ“… Published: April 16, 2024, 9:05 a.m. πŸ”„ Last Modified: Jan. 21, 2025, 4:57 p.m.

5.8

CVSS3.1

CVE-2024-32625 - Uninitialized scalar field

In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations

πŸ“… Published: April 16, 2024, 9 a.m. πŸ”„ Last Modified: Dec. 10, 2025, 4:55 p.m.

6.1

CVSS3.1

CVE-2024-32634 - Logically dead code

In huge memory get unmapped area check, code can never be reached because of a logical contradiction.

πŸ“… Published: April 16, 2024, 8:57 a.m. πŸ”„ Last Modified: Dec. 10, 2025, 4:54 p.m.

4

CVSS3.1

CVE-2024-32633 - Unsigned compared against 0

An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way.

πŸ“… Published: April 16, 2024, 8:54 a.m. πŸ”„ Last Modified: Dec. 10, 2025, 4:53 p.m.

6.6

CVSS3.1

CVE-2024-32632 - Printf arg type mismatch in ATCMD

A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access

πŸ“… Published: April 16, 2024, 8:51 a.m. πŸ”„ Last Modified: Dec. 10, 2025, 4:53 p.m.

7.2

CVSS3.1

CVE-2024-32631 - Out-of-bounds read in telephony

Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations.

πŸ“… Published: April 16, 2024, 8:44 a.m. πŸ”„ Last Modified: Dec. 10, 2025, 4:55 p.m.

9.8

CVSS3.1

CVE-2024-3871 - Authenticated Remote Command Injection in Delta Electronics DVW

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to …

πŸ“… Published: April 16, 2024, 8:12 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-32557 - WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Cross Site Scripting (XSS) vulnerabili…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2.

πŸ“… Published: April 16, 2024, 6:39 a.m. πŸ”„ Last Modified: April 28, 2026, 4:09 p.m.

7.5

CVSS3.0

CVE-2024-1561 - Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio

An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker ca…

πŸ“… Published: April 16, 2024, midnight πŸ”„ Last Modified: July 30, 2025, 2:48 p.m.
Total resulsts: 349182
Page 10271 of 34,919
Β« previous page Β» next page
Filters