Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20018 | 1 Mediatek | 2 Mt7615, Software Development Kit | 2025-04-22 | N/A | 9.8 CRITICAL |
| In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00348479; Issue ID: MSV-1019. | |||||
| CVE-2024-20005 | 2 Google, Mediatek | 38 Android, Mt6761, Mt6762 and 35 more | 2025-04-22 | N/A | 8.2 HIGH |
| In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599. | |||||
| CVE-2024-48356 | 1 Lylme | 1 Lylme Spage | 2025-04-22 | N/A | 9.8 CRITICAL |
| LyLme Spage <=1.6.0 is vulnerable to SQL Injection via /admin/group.php. | |||||
| CVE-2024-20038 | 2 Google, Mediatek | 31 Android, Mt6739, Mt6761 and 28 more | 2025-04-22 | N/A | 3.4 LOW |
| In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932. | |||||
| CVE-2024-20037 | 2 Google, Mediatek | 31 Android, Mt6739, Mt6761 and 28 more | 2025-04-22 | N/A | 6.7 MEDIUM |
| In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937. | |||||
| CVE-2024-20036 | 2 Google, Mediatek | 11 Android, Mt6835, Mt6855 and 8 more | 2025-04-22 | N/A | 4.4 MEDIUM |
| In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508. | |||||
| CVE-2024-48572 | 1 Aquila-cms | 1 Aquilacms | 2025-04-22 | N/A | 5.3 MEDIUM |
| A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries. | |||||
| CVE-2024-20034 | 2 Google, Mediatek | 20 Android, Mt6761, Mt6765 and 17 more | 2025-04-22 | N/A | 7.2 HIGH |
| In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08488849; Issue ID: ALPS08488849. | |||||
| CVE-2024-20033 | 2 Google, Mediatek | 55 Android, Mt2713, Mt6739 and 52 more | 2025-04-22 | N/A | 4.4 MEDIUM |
| In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID: ALPS08499945. | |||||
| CVE-2024-48573 | 1 Aquila-cms | 1 Aquilacms | 2025-04-22 | N/A | 9.8 CRITICAL |
| A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. | |||||
| CVE-2023-5307 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-22 | N/A | 6.1 MEDIUM |
| The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. | |||||
| CVE-2023-5238 | 1 Metagauss | 1 Eventprime | 2025-04-22 | N/A | 6.1 MEDIUM |
| The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. | |||||
| CVE-2023-5237 | 1 Strangerstudios | 1 Memberlite Shortcodes | 2025-04-22 | N/A | 5.4 MEDIUM |
| The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | |||||
| CVE-2023-5211 | 1 Fattura24 | 1 Fattura24 | 2025-04-22 | N/A | 6.1 MEDIUM |
| The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability. | |||||
| CVE-2023-4251 | 1 Metagauss | 1 Eventprime | 2025-04-22 | N/A | 4.3 MEDIUM |
| The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | |||||
| CVE-2023-4238 | 1 Miniorange | 1 Prevent Files \/ Folders Access | 2025-04-22 | N/A | 7.2 HIGH |
| The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. | |||||
| CVE-2022-46906 | 1 Websoft | 1 Websoft Hcm | 2025-04-22 | N/A | 5.4 MEDIUM |
| Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS. | |||||
| CVE-2022-45957 | 1 Zte | 2 Zxhn-h108ns, Zxhn-h108ns Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow. | |||||
| CVE-2022-45956 | 1 Boa | 1 Boa | 2025-04-22 | N/A | 5.3 MEDIUM |
| Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. | |||||
| CVE-2022-45760 | 1 Sens Project | 1 Sens | 2025-04-22 | N/A | 8.8 HIGH |
| SENS v1.0 is vulnerable to Incorrect Access Control vulnerability. | |||||