CVE-2024-34897
Description: Nedis SmartLife Android app v1.4.0 was discovered to contain an API key disclosure vulnerability.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)

CVE-2024-34896
Description: An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife iOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to live video feed.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)

CVE-2024-23222
Description: A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
EPSS Score: 0.32%
February 4th, 2025 (5 months ago)

CVE-2024-20147
Description: In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)

CVE-2024-20142
Description: In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.
EPSS Score: 0.05%
February 4th, 2025 (5 months ago)

CVE-2024-20141
Description: In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.
EPSS Score: 0.05%
February 4th, 2025 (5 months ago)

CVE-2024-13651
Description: The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings.
CVSS: MEDIUM (4.3)
EPSS Score: 0.05%
February 4th, 2025 (5 months ago)

CVE-2024-13547
Description: The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4)
EPSS Score: 0.05%
February 4th, 2025 (5 months ago)

CVE-2024-13347
Description: The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)

CVE-2024-13343
Description: The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
CVSS: HIGH (8.8)
EPSS Score: 0.05%
February 4th, 2025 (5 months ago)