CVE-2024-35283 |
Description: A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35205 |
Description: The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aiming to overwrite an existing native library utilized by WPS Office. Successful exploitation could result in the execution of arbitrary commands under the guise of WPS Office's application ID.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-3516 |
Description: Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
CVE-2024-3515 |
Description: Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
CVE-2024-35110 |
Description: A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35109 |
Description: idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35108 |
Description: idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35102 |
Description: Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35099 |
Description: TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-35091 |
Description: J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|