Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-4860 1 Google 1 Chrome 2024-12-26 9.6 Critical
Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2023-7012 1 Google 1 Chrome 2024-12-26 9.6 Critical
Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)
CVE-2024-6778 1 Google 1 Chrome 2024-12-26 7.5 High
Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2022-48499 1 Huawei 1 Emui 2024-12-24 7.5 High
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2024-20839 2 Google, Samsung 2 Android, Voice Recorder 2024-12-23 4.6 Medium
Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.
CVE-2024-20838 1 Samsung 1 Internet 2024-12-23 6.8 Medium
Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.
CVE-2024-20837 1 Samsung 1 Internet 2024-12-23 5.3 Medium
Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.
CVE-2023-3124 1 Elementor 1 Elementor Pro 2024-12-23 8.8 High
The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation.
CVE-2021-4360 1 Wpruby 1 Controlled Admin Access 2024-12-23 9.9 Critical
The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.
CVE-2021-4344 1 Najeebmedia 1 Frontend File Manager Plugin 2024-12-20 6.4 Medium
The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access the information and privileges of other users, including 'guest users', in their own category (authenticated, or unauthenticated guests).
CVE-2023-3125 1 Webwizards 1 B2bking 2024-12-20 6.5 Medium
The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.
CVE-2023-3126 1 Webwizards 1 B2bking 2024-12-20 4.3 Medium
The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site.
CVE-2024-7339 2 Provision-isr, Tvt 12 Sh-4050a5-5l\(mm\), Sh-4050a5-5l\(mm\) Firmware, Avision Av108t and 9 more 2024-12-20 5.3 Medium
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-42424 1 Dell 4 7920 Xl Rack, 7920 Xl Rack Firmware, Precision 7920 Rack and 1 more 2024-12-20 5.3 Medium
Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-38303 1 Dell 62 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 59 more 2024-12-20 5.3 Medium
Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2020-21583 1 Kernel 1 Util-linux 2024-12-20 6.7 Medium
An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.
CVE-2018-9407 1 Google 1 Android 2024-12-19 6.5 Medium
In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data.
CVE-2024-47825 1 Cilium 1 Cilium 2024-12-19 4 Medium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.16 and 1.15.10, a policy rule denying a prefix that is broader than `/32` may be ignored if there is a policy rule referencing a more narrow prefix (`CIDRSet` or `toFQDN`) and this narrower policy rule specifies either `enableDefaultDeny: false` or `- toEntities: all`. Note that a rule specifying `toEntities: world` or `toEntities: 0.0.0.0/0` is insufficient, it must be to entity `all`.This issue has been patched in Cilium v1.14.16 and v1.15.10. As this issue only affects policies using `enableDefaultDeny: false` or that set `toEntities` to `all`, some workarounds are available. For users with policies using `enableDefaultDeny: false`, remove this configuration option and explicitly define any allow rules required. For users with egress policies that explicitly specify `toEntities: all`, use `toEntities: world`.
CVE-2018-9487 1 Google 1 Android 2024-12-19 6.5 Medium
In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-12666 1 Classcms 1 Classcms 2024-12-19 4.7 Medium
A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.