Total
5319 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24840 | 1 Bdthemes | 1 Element Pack | 2025-01-29 | 4.3 Medium |
| Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11. | ||||
| CVE-2023-22813 | 1 Westerndigital | 4 My Cloud, My Cloud Home, My Cloud Os 5 and 1 more | 2025-01-29 | 3.3 Low |
| A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request. This issue affects My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My Cloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126; ibi Web App: before 4.26.0-6126. | ||||
| CVE-2022-47493 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 5.5 Medium |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2022-47492 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 5.5 Medium |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2022-47490 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 5.5 Medium |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2022-48245 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2022-48244 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2022-48243 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2024-1042 | 1 Wpmilitary | 1 Wp Radio | 2025-01-28 | 6.4 Medium |
| The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041. | ||||
| CVE-2022-48368 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2022-48250 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2022-48249 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2022-48248 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2022-48247 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2022-48246 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2023-2590 | 1 Answer | 1 Answer | 2025-01-28 | 3.5 Low |
| Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. | ||||
| CVE-2024-4875 | 1 Hasthemes | 1 Ht Mega | 2025-01-28 | 4.3 Medium |
| The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration. | ||||
| CVE-2022-48371 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 5.5 Medium |
| In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | ||||
| CVE-2022-48370 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 5.5 Medium |
| In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | ||||
| CVE-2022-48369 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||