Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2024-47033 Use After Free vulnerability in Google Android
In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free.
local
low complexity
google CWE-416
7.8
7.8
2024-10-25 CVE-2024-47034 Out-of-bounds Read vulnerability in Google Android
there is a possible out of bounds read due to a missing bounds check.
local
low complexity
google CWE-125
5.5
5.5
2024-10-25 CVE-2024-47035 Out-of-bounds Write vulnerability in Google Android
In vring_init of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to a logic error in the code.
local
low complexity
google CWE-787
7.8
7.8
2024-10-25 CVE-2024-47041 Out-of-bounds Read vulnerability in Google Android
In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check.
local
low complexity
google CWE-125
7.8
7.8
2024-10-25 CVE-2024-47481 Unspecified vulnerability in Dell Data Lakehouse 1.0.0.0/1.1.0.0
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability.
low complexity
dell
6.5
6.5
2024-10-25 CVE-2024-47483 SQL Injection vulnerability in Dell Data Lakehouse 1.0.0.0/1.1.0.0
Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability.
local
low complexity
dell CWE-89
5.5
5.5
2024-10-25 CVE-2024-10016 The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-25 CVE-2024-10112 The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-25 CVE-2024-10343 The Beek Widget Extention plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-25 CVE-2024-8666 The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'html5radio' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4