Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-03 | CVE-2024-9058 | Cross-site Scripting vulnerability in Bdthemes Element Pack The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-12-03 | CVE-2024-10484 | Cross-site Scripting vulnerability in Brainstormforce Spectra The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-12-03 | CVE-2024-49410 | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0 Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. | 7.8 |
| 2024-12-03 | CVE-2024-49411 | Path Traversal vulnerability in Samsung Android 12.0/13.0 Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. | 4.6 |
| 2024-12-03 | CVE-2024-49413 | Improper Verification of Cryptographic Signature vulnerability in Samsung Android 13.0/14.0 Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. | 7.8 |
| 2024-12-03 | CVE-2024-49414 | Unspecified vulnerability in Samsung Android 12.0/13.0 Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. low complexity samsung | 2.4 |
| 2024-12-03 | CVE-2024-49415 | Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0 Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. | 9.8 |
| 2024-12-03 | CVE-2024-9694 | The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-12-03 | CVE-2024-9197 | Classic Buffer Overflow vulnerability in Zyxel products A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled. | 4.9 |
| 2024-12-03 | CVE-2018-9441 | Out-of-bounds Read vulnerability in Google Android In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. | 5.5 |