6.1
CVE-2024-3867 - Tainacan Interface <= 2.7.2 - Reflected Cross-Site Scripting
The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute ifβ¦
3.1
CVE-2024-3872 -
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.
5.8
CVE-2024-32625 - Uninitialized scalar field
In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations
6.1
CVE-2024-32634 - Logically dead code
In huge memory get unmapped area check, code can never be reached because of a logical contradiction.
4
CVE-2024-32633 - Unsigned compared against 0
An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way.
6.6
CVE-2024-32632 - Printf arg type mismatch in ATCMD
A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access
7.2
CVE-2024-32631 - Out-of-bounds read in telephony
Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations.
9.8
CVE-2024-3871 - Authenticated Remote Command Injection in Delta Electronics DVW
The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to β¦
6.5
CVE-2024-32557 - WordPress Exclusive Addons for Elementor plugin <= 2.6.9.2 - Cross Site Scripting (XSS) vulnerabiliβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2.
7.5
CVE-2024-1561 - Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio
An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker caβ¦