Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-12-03 CVE-2024-9058 Cross-site Scripting vulnerability in Bdthemes Element Pack
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping.
network
low complexity
bdthemes CWE-79
5.4
2024-12-03 CVE-2024-10484 Cross-site Scripting vulnerability in Brainstormforce Spectra
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
brainstormforce CWE-79
5.4
2024-12-03 CVE-2024-49410 Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0
Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
local
low complexity
samsung CWE-787
7.8
2024-12-03 CVE-2024-49411 Path Traversal vulnerability in Samsung Android 12.0/13.0
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
low complexity
samsung CWE-22
4.6
2024-12-03 CVE-2024-49413 Improper Verification of Cryptographic Signature vulnerability in Samsung Android 13.0/14.0
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
local
low complexity
samsung CWE-347
7.8
2024-12-03 CVE-2024-49414 Unspecified vulnerability in Samsung Android 12.0/13.0
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.
low complexity
samsung
2.4
2024-12-03 CVE-2024-49415 Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
network
low complexity
samsung CWE-787
critical
9.8
2024-12-03 CVE-2024-9694 The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-12-03 CVE-2024-9197 Classic Buffer Overflow vulnerability in Zyxel products
A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.
network
low complexity
zyxel CWE-120
4.9
2024-12-03 CVE-2018-9441 Out-of-bounds Read vulnerability in Google Android
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check.
local
low complexity
google CWE-125
5.5