Skip to main content
CVE-2023-6697 MEDIUM POC PATCH THREAT This Month

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.2%.

Google XSS WordPress Wp Go Maps
NVD VulDB
CVSS 3.1
6.1
EPSS
54.2%
Threat
4.3
CVE-2024-22751 CRITICAL POC Act Now

D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Dir 882 A1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-23897 CRITICAL POC KEV PATCH THREAT Act Now

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jenkins
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2024-22651 CRITICAL POC THREAT Act Now

There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 815 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
20.2%
CVE-2024-23646 HIGH POC PATCH This Week

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Admin Classic Bundle
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23648 HIGH POC PATCH This Week

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Admin Classic Bundle
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23641 HIGH POC PATCH This Week

SvelteKit is a web development kit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Adapter Node Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23638 MEDIUM POC PATCH THREAT This Month

Squid is a caching proxy for the Web. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Squid
NVD GitHub
CVSS 3.1
6.5
EPSS
60.1%
CVE-2023-52221 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.5.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Barcode Scanner And Inventory Manager
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2024-22284 HIGH This Week

Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.7.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Asgaros Forum
NVD
CVSS 3.1
8.7
EPSS
0.7%
CVE-2024-23898 HIGH PATCH This Week

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
8.8
EPSS
66.9%
CVE-2024-22720 MEDIUM POC This Month

Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kanboard
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-0813 HIGH This Week

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-0812 HIGH This Week

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-0806 HIGH This Week

Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-22309 HIGH This Week

Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.1.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Wpbot
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-23644 HIGH PATCH This Week

Trillium is a composable toolkit for building internet applications with async rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

SSRF Trillium Trillium Http
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-22135 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.4.3. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress File Upload Order Export Order Import For Woocommerce
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-22152 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.3.7. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress File Upload Product Import Export For Woocommerce
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-22154 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing.6.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salesking
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23904 HIGH This Week

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jenkins Log Command
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-0804 HIGH This Week

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22372 MEDIUM This Month

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc X1800Gs B Firmware Wrc X1800Gsh B Firmware Wrc X1800Gsa B Firmware Wrc X6000Xs G Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-22366 MEDIUM This Month

Active debug code exists in Yamaha wireless LAN access point devices. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wlx222 Firmware Wlx413 Firmware Wlx212 Firmware Wlx313 Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-51702 MEDIUM PATCH This Month

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Airflow Apache Airflow Providers Cncf Kubernetes
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22141 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro.10.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Profile Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-23901 MEDIUM PATCH This Month

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Jenkins Github Branch Source
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-23899 MEDIUM PATCH This Month

Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Git Server
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-23649 MEDIUM PATCH This Month

Lemmy is a link aggregator and forum for the fediverse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Lemmy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0814 MEDIUM This Month

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-0665 MEDIUM PATCH This Month

The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Customer Area
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-22725 MEDIUM PATCH This Month

Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Orthanc
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23633 MEDIUM PATCH This Month

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF XSS Python Label Studio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-22380 MEDIUM This Month

Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Electronic Delivery Check System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21796 MEDIUM This Month

Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Electronic Deliverables Creation Support Tool
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21765 MEDIUM This Month

Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Electronic Delivery Check System Electronic Delivery Item Inspection Support System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23453 MEDIUM This Month

Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Spoon
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23905 MEDIUM PATCH This Month

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Red Hat Jenkins Red Hat Dependency Analytics
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-0854 MEDIUM This Month

URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Synology Diskstation Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-22294 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker.33.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Country Blocker
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-22301 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.6.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Albo Pretorio Online
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-23903 MEDIUM PATCH This Month

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Jenkins Github Branch Source
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22134 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.5.70. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Contact Form 7 Extension For Mailchimp
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-23902 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab CSRF Jenkins Github Branch Source
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-23900 MEDIUM PATCH This Month

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Matrix Project
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-22229 MEDIUM This Month

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Dell Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-0811 MEDIUM This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-0809 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-0805 MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-22308 LOW Monitor

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.4.1. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Simple Membership
NVD
CVSS 3.1
3.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy