7.5
CVE-2024-44100 -
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.
5.5
CVE-2024-44099 -
There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
7.4
CVE-2024-44098 -
In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
6.4
CVE-2024-8666 - Shoutcast Icecast HTML5 Radio Player <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scri…
The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'html5radio' shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib…
6.4
CVE-2024-10112 - Simple News <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via news Shortcode
The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, w…
6.4
CVE-2024-10343 - Beek Widget Extention <= 0.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Short…
The Beek Widget Extention plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contribu…
6.4
CVE-2024-10016 - File Upload Types by WPForms <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG…
The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces…
5.4
CVE-2024-47158 -
N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website.
7.5
CVE-2024-45785 -
MUSASI version 3 contains an issue with use of client-side authentication. If this vulnerability is exploited, other users' credential and sensitive information may be retrieved.
6.3
CVE-2024-9628 - WPS Telegram Chat <= 4.6.0 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.6.0. This makes it possible for authenticated attackers, wi…