Skip to main content
CVE-2024-23332 MEDIUM PATCH This Month

The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Notation Go
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-47160 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter.9.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wp Social Login And Register Social Counter
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-45083 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content -. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Profilepress
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-22421 MEDIUM PATCH This Month

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jupyterlab Notebook Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-0758 MEDIUM PATCH This Month

MolecularFaces before 0.3.0 is vulnerable to cross site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Molecularfaces
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-22420 MEDIUM PATCH This Month

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jupyterlab Notebook Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-23659 MEDIUM PATCH This Month

SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Spip
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23686 MEDIUM PATCH This Month

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dependency Check
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-23685 MEDIUM PATCH This Month

Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Mod Remote Storage
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22877 MEDIUM This Month

StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Thehive
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-22876 MEDIUM This Month

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Thehive
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-23688 MEDIUM PATCH This Month

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discovery
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-23680 MEDIUM PATCH This Month

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Java Information Disclosure Aws Encryption Sdk
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-21733 MEDIUM PATCH This Month

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
14.3%
CVE-2024-23387 MEDIUM This Month

FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fusionpbx
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-45845 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.5.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Smart Slider 3
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy