Vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-11-27 | CVE-2017-13316 | Missing Authorization vulnerability in Google Android | In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. | local | low complexity | google | CWE-862 | 7.8 |
| 2024-11-27 | CVE-2017-13319 | Classic Buffer Overflow vulnerability in Google Android | In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. | network | low complexity | google | CWE-120 | 7.5 |
| 2024-11-27 | CVE-2024-7025 | Integer Overflow or Wraparound vulnerability in Google Chrome | Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network | low complexity | google | CWE-190 | 8.8 |
| 2024-11-27 | CVE-2024-9369 | Improper Validation of Specified Quantity in Input vulnerability in Google Chrome | Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. | network | low complexity | google | CWE-1284 | critical 9.6 |
| 2024-11-27 | CVE-2024-11860 | Unspecified vulnerability in Mayurik Best House Rental Management System 1.0 | A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. | network | low complexity | mayurik | | 6.5 |
| 2024-11-27 | CVE-2024-11009 | | The Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network | low complexity | | CWE-89 | 4.9 |
| 2024-11-27 | CVE-2024-11025 | | An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device. | network | low complexity | | CWE-89 | 5.4 |
| 2024-11-27 | CVE-2024-10521 | | The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. | network | low complexity | | CWE-352 | 4.3 |
| 2024-11-27 | CVE-2024-11667 | Path Traversal vulnerability in Zyxel ZLD | A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL. | network | low complexity | zyxel | CWE-22 | critical 9.8 |
| 2024-11-27 | CVE-2024-10175 | | The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low complexity | | CWE-79 | 6.4 |