371
|
- |
|
-
|
-
|
there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed fo…
New
|
-
|
CVE-2024-47034
|
2024-10-26 01:35 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
372
|
- |
|
-
|
-
|
In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local inf…
New
|
-
|
CVE-2024-47029
|
2024-10-26 01:35 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
373
|
- |
|
-
|
-
|
Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file.
Update
|
-
|
CVE-2024-48540
|
2024-10-26 01:35 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
374
|
6.5 |
MEDIUM
Network
|
metagauss
|
download_plugin
|
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functi…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-9829
|
2024-10-26 01:30 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
375
|
4.8 |
MEDIUM
Network
|
mitel
|
micollab
|
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Sc…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-30160
|
2024-10-26 01:30 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
376
|
4.8 |
MEDIUM
Network
|
mitel
|
micollab
|
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XS…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-30159
|
2024-10-26 01:30 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
377
|
7.2 |
HIGH
Network
|
mitel
|
micollab
|
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to ins…
Update
|
CWE-89
SQL Injection
|
CVE-2024-30158
|
2024-10-26 01:30 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
378
|
7.2 |
HIGH
Network
|
wpovernight
|
woocommerce_order_proposal
|
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of a…
Update
|
CWE-287
Improper Authentication
|
CVE-2024-9927
|
2024-10-26 01:29 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
379
|
7.2 |
HIGH
Network
|
mitel
|
micollab
|
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack…
Update
|
CWE-89
SQL Injection
|
CVE-2024-30157
|
2024-10-26 01:29 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
380
|
5.4 |
MEDIUM
Network
|
rebelcode
|
rss_aggregator
|
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-9583
|
2024-10-26 01:28 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|