Total
4907 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-13316 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.8 HIGH |
In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2018-9477 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.8 HIGH |
In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
CVE-2024-56048 | | | 2024-12-18 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through 1.9.9. | |||||
CVE-2024-54381 | | | 2024-12-18 | N/A | 7.1 HIGH |
Missing Authorization vulnerability in theDotstore Advance Menu Manager. This issue affects Advance Menu Manager: from n/a through 3.1.1. | |||||
CVE-2024-54466 | 1 Apple | 1 Macos | 2024-12-18 | N/A | 5.3 MEDIUM |
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password. | |||||
CVE-2018-9469 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.8 HIGH |
In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
CVE-2024-43087 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.8 HIGH |
In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
CVE-2017-13314 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.8 HIGH |
In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-56008 | | | 2024-12-18 | N/A | 7.5 HIGH |
Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Spreadr Woocommerce: from n/a through 1.0.4. | |||||
CVE-2024-55997 | | | 2024-12-18 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Web Chunky Order Delivery & Pickup Location Date Time allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Delivery & Pickup Location Date Time: from n/a through 1.1.0. | |||||
CVE-2024-52485 | | | 2024-12-18 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Menu Image: from n/a through 2.2. | |||||
CVE-2024-11926 | | | 2024-12-18 | N/A | 6.5 MEDIUM |
The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify posts, delete posts and pages, approve arbitrary orders, insert orders with arbitrary prices, and deny user information. | |||||
CVE-2024-12596 | | | 2024-12-18 | N/A | 4.3 MEDIUM |
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. | |||||
CVE-2024-12259 | | | 2024-12-18 | N/A | 8.8 HIGH |
The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wc_update_user_data AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | |||||
CVE-2024-43088 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-43089 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
In updateInternal of MediaProvider.java, there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-43090 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.0 MEDIUM |
In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. | |||||
CVE-2023-21141 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-262244249 | |||||
CVE-2024-34719 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-40661 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |