4.4
CVE-2024-54030 - Communication_dsoftbus has a UAF vulnerability
In OpenHarmony v4.1.2 and prior versions, a local attacker can cause DoS through use after free.
8.8
CVE-2024-47398 - Liteos_a has an out-of-bounds write vulnerability
In OpenHarmony v4.1.2 and prior versions, a local attacker can cause the device to be unable to boot up through an out-of-bounds write.
5.5
CVE-2024-45070 - Liteos_a has an out-of-bounds read vulnerability
In OpenHarmony v4.1.2 and prior versions, a local attacker can cause an information leak through an out-of-bounds read.
6.8
CVE-2024-11627 -
Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
8.4
CVE-2024-11626 -
Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15…
7.7
CVE-2024-11625 -
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
6.4
CVE-2024-12516 - Coupon Plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Coupon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Coupon Code' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce…
6.1
CVE-2024-12077 - Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via…
The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'calendar_id' parameter in all versions up to, and including, 3.2.19 and 11.2.19 respectively, due to insufficient input sanitization and output escaping. This makes it possi…
8.8
CVE-2024-12202 - Croma Music <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax
The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with Subscr…
5.3
CVE-2024-10866 - Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export
The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings.