Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-54115 Out-of-bounds Read vulnerability in Huawei Harmonyos 5.0.0
Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.
network
low complexity
huawei CWE-125
7.5
7.5
2024-12-12 CVE-2024-54116 Out-of-bounds Read vulnerability in Huawei Harmonyos 5.0.0
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
network
low complexity
huawei CWE-125
7.5
7.5
2024-12-12 CVE-2024-54117 Unspecified vulnerability in Huawei Harmonyos 5.0.0
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
network
low complexity
huawei
7.5
7.5
2024-12-12 CVE-2024-11760 The Currency Converter Widget ? PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-12-12 CVE-2024-12160 The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6.
network
low complexity
CWE-79
6.1
6.1
2024-12-12 CVE-2024-12333 The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3.
network
low complexity
CWE-94
6.5
6.5
2024-12-12 CVE-2024-12401 A flaw was found in the cert-manager package.
network
high complexity
CWE-20
4.4
4.4
2024-12-12 CVE-2024-10583 The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_title’ parameter in all versions up to, and including, 1.20.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.4
5.4
2024-12-12 CVE-2024-10784 The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Tile Gallery' widget in all versions up to, and including, 1.5.126 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-12-12 CVE-2024-11181 The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3