Skip to main content
CVE-2024-25122 MEDIUM POC PATCH This Month

sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments to run. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Sidekiq Unique Jobs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-21381 MEDIUM PATCH This Month

Microsoft Azure Active Directory B2C Spoofing Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Microsoft Azure Active Directory
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-21341 MEDIUM PATCH This Month

Windows Kernel Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1809 +8
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-25118 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Typo3
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-1082 MEDIUM This Month

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-21356 MEDIUM PATCH This Month

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2024-20684 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 11 21H2 Windows 11 22h2 Windows 11 23h2 +2
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-20679 MEDIUM PATCH This Month

Azure Stack Hub Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Stack Hub
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-21491 MEDIUM PATCH This Month

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Svix Webhooks
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1159 MEDIUM PATCH This Month

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Bold Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-21339 MEDIUM PATCH This Month

Windows USB Generic Parent Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 1809 +8
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-24739 MEDIUM This Month

SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Bank Account Management
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-22132 MEDIUM This Month

SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection SAP Ides Ecc
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-1084 MEDIUM This Month

Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Enterprise Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1140 MEDIUM This Month

Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Twister Antivirus
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-22128 MEDIUM This Month

SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Business Client For Html
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22126 MEDIUM This Month

The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Java SAP Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-21344 MEDIUM PATCH This Month

Windows Network Address Translation (NAT) Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2024-20695 MEDIUM PATCH This Month

Skype for Business Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.

Authentication Bypass Information Disclosure Skype For Business Server
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2024-21377 MEDIUM PATCH This Month

Windows DNS Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-21362 MEDIUM PATCH This Month

Windows Kernel Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-1096 MEDIUM This Month

Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB 0x801120CC 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Twister Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23801 MEDIUM PATCH This Month

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tecnomatix Plant Simulation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23800 MEDIUM PATCH This Month

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tecnomatix Plant Simulation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23799 MEDIUM PATCH This Month

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Tecnomatix Plant Simulation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22043 MEDIUM This Month

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Parasolid
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-1157 MEDIUM PATCH This Month

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Bold Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-1160 MEDIUM PATCH This Month

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Bold Page Builder
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-22130 MEDIUM This Month

Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Crm Webclient Ui
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21397 MEDIUM PATCH This Month

Microsoft Azure File Sync Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.3).

Information Disclosure Microsoft Azure File Sync
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-24740 MEDIUM This Month

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-21374 MEDIUM PATCH This Month

Microsoft Teams for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Information Disclosure Google Microsoft Teams
NVD
CVSS 3.1
5.0
EPSS
1.0%
CVE-2024-25119 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Typo3
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-21340 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2024-25914 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.3.20. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smtp Mail
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-25120 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Typo3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-24782 MEDIUM This Month

An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure F30 03X Yy Com Firmware F30 03X Yy Cpu Firmware F35 03X Yy Com Firmware F35 03X Yy Cpu Firmware +9
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-25643 MEDIUM This Month

The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Fiori
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-24741 MEDIUM This Month

SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Master Data Governance For Material Data
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-21304 MEDIUM PATCH This Month

Trusted Compute Base Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.1).

Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +4
NVD
CVSS 3.1
4.1
EPSS
0.5%
CVE-2024-24742 MEDIUM This Month

SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Crm Webclient Ui
NVD
CVSS 3.1
4.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy