How severe is CVE-2024-10748?

This vulnerability has a severity rating of LOW with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2024-10748?

This is classified as CWE-1394, which is a common weakness in software security.

CVE-2024-10748

LOW Year: 2024

CVSS v3 Score

4.7

Medium

CVSS v2 Score

1.0

Low

Weakness Type

CWE-1394

View all →

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument defaultRealmKey leads to use of default cryptographic key. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-11619

LOW

CVSS:5.0(Medium)

A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipu...

CWE-13942024

CVE-2025-26849

MEDIUM

CVSS:4.3(Medium)

There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall...

CWE-13942025

CVE-2024-48956

CRITICAL

CVSS:9.8(Critical)

Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution.

CWE-13942024

CVE-2024-29037

CRITICAL

CVSS:9.1(Critical)

datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issu...

CWE-13942024

CVE-2023-6451

HIGH

CVSS:7.5(High)

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

CWE-13942023