6.4

CVSS3.1

CVE-2024-11453 - WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Auth…

The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping…

πŸ“… Published: Dec. 3, 2024, 7:34 a.m. πŸ”„ Last Modified: April 8, 2026, 4:48 p.m.

6.4

CVSS3.1

CVE-2024-9058 - Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site …

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escapi…

πŸ“… Published: Dec. 3, 2024, 6:50 a.m. πŸ”„ Last Modified: April 8, 2026, 4:47 p.m.

4.8

CVSS3.1

CVE-2024-10893 - WP Booking Calendar < 10.6.5 - Admin+ Stored XSS

The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

πŸ“… Published: Dec. 3, 2024, 6 a.m. πŸ”„ Last Modified: May 17, 2025, 1:49 a.m.

4.3

CVSS3.1

CVE-2024-49421 -

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location.

πŸ“… Published: Dec. 3, 2024, 5:48 a.m. πŸ”„ Last Modified: Sept. 24, 2025, 7:18 p.m.

7.5

CVSS3.1

CVE-2024-49420 -

Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.

πŸ“… Published: Dec. 3, 2024, 5:48 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-49419 -

Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.

πŸ“… Published: Dec. 3, 2024, 5:48 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-49418 -

Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.

πŸ“… Published: Dec. 3, 2024, 5:48 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

2

CVSS3.1

CVE-2024-49417 -

Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

πŸ“… Published: Dec. 3, 2024, 5:48 a.m. πŸ”„ Last Modified: Jan. 9, 2026, 2:39 a.m.

4

CVSS3.1

CVE-2024-49416 -

Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.

πŸ“… Published: Dec. 3, 2024, 5:47 a.m. πŸ”„ Last Modified: July 17, 2025, 5:21 p.m.

8.1

CVSS3.1

CVE-2024-49415 -

Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

πŸ“… Published: Dec. 3, 2024, 5:47 a.m. πŸ”„ Last Modified: Feb. 10, 2025, 10:12 p.m.
Total resulsts: 347725
Page 7495 of 34,773
Β« previous page Β» next page
Filters