6.5
CVE-2024-29074 - Telephony has an improper input validation vulnerability
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input.
3.3
CVE-2024-22180 - Camera has a use after free vulnerability
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free.
6.5
CVE-2024-22098 - AVSession has a use after free vulnerability
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.
3.3
CVE-2024-22177 - Audio has an improper preservation of permissions vulnerability
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission.
3.3
CVE-2024-21834 - Arkui has a type confusion vulnerability
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
4.3
CVE-2024-1504 - SecuPress Free β WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address
The SecuPress Free β WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function. This makes it possible for unauthenticated attacβ¦
6.4
CVE-2024-2924 - Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated β¦
6.4
CVE-2024-2791 - Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scβ¦
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenβ¦
5.4
CVE-2024-1274 - My Calendar < 3.4.24 - Authenticated Stored XSS
The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin)
5.4
CVE-2024-2369 - Page Builder Gutenberg Blocks < 3.1.7 - Contributor+ Stored XSS
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks