| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-37276 | WordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerability | fifu.app | Featured Image from URL | Medium | 5.3 | 2024-11-01 14:18:27 | Deep Dive |
| CVE-2024-37516 | WordPress Featured Image from URL (FIFU) plugin <= 4.8.2 - Broken Access Control vulnerability | fifu.app | Featured Image from URL | Medium | 6.3 | 2024-11-01 14:18:13 | Deep Dive |
| CVE-2024-43933 | WordPress WPMobile.App plugin <= 11.48 - CSRF to Stored XSS vulnerability | Amauri | WPMobile.App | Medium | 4.3 | 2024-10-31 10:04:19 | Deep Dive |
| CVE-2024-50415 | WordPress Ads.txt & App-ads.txt Manager for WordPress plugin <= 1.1.7.1 - Stored Cross Site Scripting (XSS) vulnerability | Pagup | Ads.txt & App-ads.txt Manager for WordPress | Medium | 5.9 | 2024-10-29 08:46:13 | Deep Dive |
| CVE-2024-50477 | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability | Stacks | Stacks Mobile App Builder | Critical | 9.8 | 2024-10-28 11:23:07 | Deep Dive |
| CVE-2024-9302 | App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP | appcheap | App Builder – Create Native Android & iOS Apps On The Flight | High | 8.1 | 2024-10-25 06:51:24 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9873 | Community by PeepSo <= 6.4.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | peepso | Community by PeepSo – Download from PeepSo.com | Medium | 5.4 | 2024-10-16 05:31:56 | Deep Dive |
| CVE-2024-9305 | AppPresser – Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP | scottopolis | AppPresser – Mobile App Framework | High | 8.1 | 2024-10-16 02:05:05 | Deep Dive |
| CVE-2024-4130 | Lenovo App Store security vulnerability | Lenovo | App Store | High | 7.8 | 2024-10-11 15:15:41 | Deep Dive |
| CVE-2024-47867 | Lack of integrity check on the downloaded FRP client in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:19:12 | Deep Dive |
| CVE-2024-47868 | Several components’ post-process steps may allow arbitrary file leaks in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:18:02 | Deep Dive |
| CVE-2024-47869 | Non-constant-time comparison when comparing hashes in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:16:11 | Deep Dive |
| CVE-2024-47870 | Race condition in update_root_in_config may redirect user traffic in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:15:06 | Deep Dive |
| CVE-2024-47871 | Insecure communication between the FRP client and server in Gradio | gradio-app | gradio | - | - | 2024-10-10 22:14:01 | Deep Dive |
| CVE-2024-47872 | Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files | gradio-app | gradio | - | - | 2024-10-10 22:12:27 | Deep Dive |
| CVE-2024-47084 | CORS origin validation is not performed when the request has a cookie in Gradio | gradio-app | gradio | - | - | 2024-10-10 21:53:52 | Deep Dive |
| CVE-2024-47164 | The `is_in_or_equal` function may be bypassed in Gradio | gradio-app | gradio | - | - | 2024-10-10 21:52:27 | Deep Dive |
| CVE-2024-47165 | CORS origin validation accepts the null origin in Gradio | gradio-app | gradio | - | - | 2024-10-10 21:50:08 | Deep Dive |
| CVE-2024-47166 | One-level read path traversal in `/custom_component` in Gradio | gradio-app | gradio | - | - | 2024-10-10 21:48:54 | Deep Dive |