Skip to main content
CVE-2024-22365 MEDIUM POC PATCH CISA This Month

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Pam
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
Threat
4.6
CVE-2024-1257 MEDIUM POC This Month

A vulnerability was found in Jspxcms 10.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jspxcms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24291 MEDIUM POC This Month

An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Yzmcms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24808 MEDIUM POC PATCH This Month

pyLoad is an open-source Download Manager written in pure Python. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Open Redirect Pyload
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24594 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clearml
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-1256 MEDIUM POC This Month

A vulnerability was found in Jspxcms 10.2.0 and classified as problematic.do. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jspxcms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-24255 MEDIUM POC This Month

A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
4.2
EPSS
0.3%
CVE-2024-24254 MEDIUM POC This Month

PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
4.2
EPSS
0.4%
CVE-2024-23344 MEDIUM PATCH This Month

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-20816 MEDIUM This Month

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20815 MEDIUM This Month

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1258 MEDIUM This Month

A vulnerability was found in Juanpao JPShop up to 1.5.02. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Information Disclosure Jpshop
NVD VulDB
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-22331 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Microsoft Urbancode Deploy Devops Deploy
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0911 MEDIUM This Month

A flaw was found in indent, a program for formatting C code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Indent
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0690 MEDIUM PATCH This Month

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Enterprise Linux Ansible Automation Platform Ansible Developer +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-24943 MEDIUM This Month

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Toolbox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-20826 MEDIUM This Month

Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Uphelper Library
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20825 MEDIUM This Month

Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20824 MEDIUM This Month

Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20823 MEDIUM This Month

Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20822 MEDIUM This Month

Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20814 MEDIUM This Month

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-24937 MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24942 MEDIUM This Month

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Teamcity
NVD
CVSS 3.1
5.3
EPSS
32.0%
CVE-2024-24941 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intellij Idea
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-24939 MEDIUM This Month

In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rider
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-24938 MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-24936 MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-22240 MEDIUM This Month

Aria Operations for Networks contains a local file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Information Disclosure Aria Operations For Networks
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-22241 MEDIUM This Month

Aria Operations for Networks contains a cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aria Operations For Networks
NVD
CVSS 3.1
4.8
EPSS
37.8%
CVE-2024-22238 MEDIUM This Month

Aria Operations for Networks contains a cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Aria Operations For Networks
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-20828 MEDIUM This Month

Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Internet
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-20827 MEDIUM This Month

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-24940 MEDIUM This Month

In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Intellij Idea
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy