Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-8121 | Missing Authorization vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. | 4.3 |
| 2024-09-04 | CVE-2024-8123 | Authorization Bypass Through User-Controlled Key vulnerability in Wpextended WP Extended The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. | 5.4 |
| 2024-09-04 | CVE-2024-34637 | Unspecified vulnerability in Samsung Android 12.0/13.0/14.0 Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background. | 5.5 |
| 2024-09-04 | CVE-2024-34639 | Improper Handling of Exceptional Conditions vulnerability in Samsung Android 12.0/13.0/14.0 Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation. | 4.6 |
| 2024-09-04 | CVE-2024-34642 | Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0 Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information. | 4.6 |
| 2024-09-04 | CVE-2024-34643 | Unspecified vulnerability in Samsung Android 14.0 Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. | 5.5 |
| 2024-09-04 | CVE-2024-34644 | Unspecified vulnerability in Samsung Android 14.0 Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. | 5.5 |
| 2024-09-04 | CVE-2024-34645 | Unspecified vulnerability in Samsung Android 12.0/13.0 Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications. low complexity samsung | 4.6 |
| 2024-09-04 | CVE-2024-34646 | Unspecified vulnerability in Samsung Android 12.0/13.0/14.0 Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service. | 5.5 |
| 2024-09-04 | CVE-2024-34647 | Unspecified vulnerability in Samsung Android 12.0/13.0/14.0 Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license. | 5.5 |