Total
248817 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-4186 | | | 2024-05-07 | N/A | 9.8 CRITICAL |
The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is because the default value of 'eb_user_email_verification_key' is empty and the not-empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled. | |||||
CVE-2024-3661 | | | 2024-05-07 | N/A | 7.6 HIGH |
By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Many, if not most VPN systems based on IP routing are susceptible to such attacks. | |||||
CVE-2024-3628 | | | 2024-05-07 | N/A | N/A |
The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
CVE-2024-33793 | | | 2024-05-07 | N/A | N/A |
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page. | |||||
CVE-2024-23284 | | | 2024-05-07 | N/A | N/A |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | |||||
CVE-2024-23280 | | | 2024-05-07 | N/A | N/A |
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. | |||||
CVE-2024-23263 | | | 2024-05-07 | N/A | N/A |
A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | |||||
CVE-2024-23254 | | | 2024-05-07 | N/A | N/A |
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin. | |||||
CVE-2024-22472 | | | 2024-05-07 | N/A | 8.1 HIGH |
A buffer overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code Execution. This issue affects all versions of Silicon Labs 500 Series SDK prior to v6.85.2 running on Silicon Labs 500 series Z-Wave devices. | |||||
CVE-2023-42956 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-05-07 | N/A | 6.5 MEDIUM |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. | |||||
CVE-2023-42950 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-05-07 | N/A | 8.8 HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2023-42843 | | | 2024-05-07 | N/A | N/A |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2024-33792 | | | 2024-05-07 | N/A | N/A |
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | |||||
CVE-2024-20872 | | | 2024-05-07 | N/A | 6.2 MEDIUM |
Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE. | |||||
CVE-2024-20871 | | | 2024-05-07 | N/A | 4.9 MEDIUM |
Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection. | |||||
CVE-2024-20870 | | | 2024-05-07 | N/A | 5.1 MEDIUM |
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | |||||
CVE-2024-20869 | | | 2024-05-07 | N/A | 5.5 MEDIUM |
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. | |||||
CVE-2024-20868 | | | 2024-05-07 | N/A | 4.4 MEDIUM |
Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions. | |||||
CVE-2024-20867 | | | 2024-05-07 | N/A | 5.5 MEDIUM |
Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information. | |||||
CVE-2024-20866 | | | 2024-05-07 | N/A | 5.7 MEDIUM |
Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip the activation step. |