| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-9302 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP | appcheap | App Builder – Create Native Android & iOS Apps On The Flight | High | 8.1 | 2024-10-25 06:51:24 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9873 | Community by PeepSo <= 6.4.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | peepso | Community by PeepSo – Download from PeepSo.com | Medium | 5.4 | 2024-10-16 05:31:56 | Deep Dive |
| CVE-2024-9305 | AppPresser – Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP | scottopolis | AppPresser – Mobile App Framework | High | 8.1 | 2024-10-16 02:05:05 | Deep Dive |
| CVE-2024-4130 | Lenovo App Store 安全漏洞 | Lenovo | App Store | High | 7.8 | 2024-10-11 15:15:41 | Deep Dive |
| CVE-2024-47867 | Lack of integrity check on the downloaded FRP client in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:19:12 | Deep Dive |
| CVE-2024-47868 | Several components’ post-process steps may allow arbitrary file leaks in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:18:02 | Deep Dive |
| CVE-2024-47869 | Non-constant-time comparison when comparing hashes in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:16:11 | Deep Dive |
| CVE-2024-47870 | Race condition in update_root_in_config may redirect user traffic in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:15:06 | Deep Dive |
| CVE-2024-47871 | Insecure communication between the FRP client and server in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:14:01 | Deep Dive |
| CVE-2024-47872 | Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files | gradio-app | gradio | - | - | 2024-10-10 22:12:27 | Deep Dive |
| CVE-2024-47084 | CORS origin validation is not performed when the request has a cookie in Gradio | gradio-app | gradio | - | - | 2024-10-10 21:53:52 | Deep Dive |
| CVE-2024-47164 | The `is_in_or_equal` function may be bypassed in Gradio | gradio-app | gradio | - | - | 2024-10-10 21:52:27 | Deep Dive |
| CVE-2024-47165 | CORS origin validation accepts the null origin in Gradio | gradio-app | gradio | - | - | 2024-10-10 21:50:08 | Deep Dive |
| CVE-2024-47166 | One-level read path traversal in `/custom_component` in Gradio | gradio-app | gradio | - | - | 2024-10-10 21:48:54 | Deep Dive |
| CVE-2024-47167 | SSRF in the path parameter of /queue/join in Gradio | gradio-app | gradio | - | - | 2024-10-10 21:47:29 | Deep Dive |
| CVE-2024-47168 | The `enable_monitoring` flag set to `False` does not disable monitoring in Gradio | gradio-app | gradio | - | - | 2024-10-10 21:44:51 | Deep Dive |
| CVE-2024-9473 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | Palo Alto Networks | GlobalProtect App | - | - | 2024-10-09 17:07:01 | Deep Dive |
| CVE-2024-47349 | WordPress WPMobile.App plugin <= 11.50 - Reflected Cross Site Scripting (XSS) vulnerability | Amauri | WPMobile.App | High | 7.1 | 2024-10-06 10:26:56 | Deep Dive |
| CVE-2024-25694 | BUG-000163019 - Stored XSS in Portal for ArcGIS | Esri | Enterprise Web App Builder | Medium | 4.8 | 2024-10-04 17:17:59 | Deep Dive |