7.8
CVE-2017-15832 - Buffer overwrite due to improper input validation in WLAN host
Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW
8.8
CVE-2017-11076 - Use of Out-of-range Pointer Offset in Video
On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.
9.8
CVE-2016-10394 - Improper Authentication in Core
Initial xbl_sec revision does not have all the debug policy features and critical checks.
6.4
CVE-2024-11091 - Support SVG – Upload svg files in wordpress without hassle <= 1.1.0 - Authenticated (Author+) Stor…
The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authentic…
6.4
CVE-2024-11192 - Spotify Play Button for WordPress <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scriptin…
The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possi…
6.4
CVE-2024-11119 - BNE Gallery Extended <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via galler…
The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate…
5.5
CVE-2024-9170 - Booster for WooCommerce <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj…
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for au…
7.5
CVE-2024-36254 -
Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition.
7.5
CVE-2024-36251 -
The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and ve…
7.4
CVE-2024-36249 -
Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, …