6.5

CVSS3.1

CVE-2024-29074 - Telephony has an improper input validation vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input.

πŸ“… Published: April 2, 2024, 6:22 a.m. πŸ”„ Last Modified: March 12, 2025, 4:36 p.m.

3.3

CVSS3.1

CVE-2024-22180 - Camera has a use after free vulnerability

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free.

πŸ“… Published: April 2, 2024, 6:22 a.m. πŸ”„ Last Modified: Jan. 27, 2025, 5:58 p.m.

6.5

CVSS3.1

CVE-2024-22098 - AVSession has a use after free vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.

πŸ“… Published: April 2, 2024, 6:22 a.m. πŸ”„ Last Modified: Jan. 2, 2025, 7:12 p.m.

3.3

CVSS3.1

CVE-2024-22177 - Audio has an improper preservation of permissions vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission.

πŸ“… Published: April 2, 2024, 6:22 a.m. πŸ”„ Last Modified: Jan. 2, 2025, 7:12 p.m.

3.3

CVSS3.1

CVE-2024-21834 - Arkui has a type confusion vulnerability

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.

πŸ“… Published: April 2, 2024, 6:22 a.m. πŸ”„ Last Modified: Jan. 2, 2025, 7:13 p.m.

4.3

CVSS3.1

CVE-2024-1504 - SecuPress Free β€” WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address

The SecuPress Free β€” WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function. This makes it possible for unauthenticated attac…

πŸ“… Published: April 2, 2024, 5:32 a.m. πŸ”„ Last Modified: April 8, 2026, 6:20 p.m.

6.4

CVSS3.1

CVE-2024-2924 - Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated …

πŸ“… Published: April 2, 2024, 5:32 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-2791 - Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Sc…

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authen…

πŸ“… Published: April 2, 2024, 5:32 a.m. πŸ”„ Last Modified: April 8, 2026, 5:18 p.m.

5.4

CVSS3.1

CVE-2024-1274 - My Calendar < 3.4.24 - Authenticated Stored XSS

The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin)

πŸ“… Published: April 2, 2024, 5:15 a.m. πŸ”„ Last Modified: May 7, 2025, 12:29 a.m.

5.4

CVSS3.1

CVE-2024-2369 - Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

πŸ“… Published: April 2, 2024, 5 a.m. πŸ”„ Last Modified: May 13, 2025, 1:07 a.m.
Total resulsts: 349182
Page 10475 of 34,919
Β« previous page Β» next page
Filters