Latest CVE Feed
-
6.8
MEDIUMCVE-2024-33061
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.... Read more
Affected Products : sw5100_firmware sw5100p_firmware wcn3980_firmware wcn3988_firmware wsa8830_firmware wsa8835_firmware wcn3660b_firmware wcn3680b_firmware qcs8550_firmware wcn3660b +8 more products- Published: Jan. 06, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2024-33059
Memory corruption while processing frame command IOCTL calls.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware qcs8550_firmware qcm8550_firmware sm8550p_firmware wcd9390_firmware wcd9395_firmware wsa8840_firmware +22 more products- Published: Jan. 06, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-33055
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware sa8195p_firmware +70 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-33041
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware sa8195p_firmware +62 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2024-23366
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.... Read more
Affected Products : qam8295p_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware qca6595_firmware qca6698aq_firmware sa8540p_firmware sa9000p_firmware qam8255p_firmware sa8255p_firmware +24 more products- Published: Jan. 06, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Information Disclosure
-
8.4
HIGHCVE-2024-21464
Memory corruption while processing IPA statistics, when there are no active clients registered.... Read more
Affected Products : wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware qcm4490_firmware qcs4490_firmware wcd9370_firmware wcn3950_firmware wcn6740_firmware wsa8832_firmware +32 more products- Published: Jan. 06, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2024-12311
The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more
Affected Products : email_subscribers_\&_newsletters- Published: Jan. 06, 2025
- Modified: May. 14, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2024-12302
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks... Read more
Affected Products : icegram_engage- Published: Jan. 06, 2025
- Modified: May. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-11849
The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more
Affected Products : pods- Published: Jan. 06, 2025
- Modified: May. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-11356
The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.... Read more
Affected Products : tour_master- Published: Jan. 06, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2024-20154
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User inter... Read more
Affected Products :- Published: Jan. 06, 2025
- Modified: Jan. 06, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-20153
In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0... Read more
Affected Products :- Published: Jan. 06, 2025
- Modified: Jan. 06, 2025
- Vuln Type: Information Disclosure
-
4.4
MEDIUMCVE-2024-20152
In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Pat... Read more
- Published: Jan. 06, 2025
- Modified: Apr. 21, 2025
- Vuln Type: Denial of Service
-
6.7
MEDIUMCVE-2024-20151
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID:... Read more
- Published: Jan. 06, 2025
- Modified: Apr. 21, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-20150
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018.... Read more
- Published: Jan. 06, 2025
- Modified: Apr. 22, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2024-20149
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331... Read more
Affected Products :- Published: Jan. 06, 2025
- Modified: Jan. 06, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2024-20148
In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch I... Read more
- Published: Jan. 06, 2025
- Modified: Apr. 22, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2024-20146
In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Pat... Read more
- Published: Jan. 06, 2025
- Modified: Apr. 22, 2025
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2024-20145
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed... Read more
- Published: Jan. 06, 2025
- Modified: Apr. 22, 2025
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2024-20144
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed... Read more
- Published: Jan. 06, 2025
- Modified: Apr. 22, 2025
- Vuln Type: Memory Corruption