Skip to main content
CVE-2024-20717 MEDIUM POC This Month

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Adobe XSS Commerce
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25373 MEDIUM POC This Month

Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2024-0240 MEDIUM This Month

A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients, this results in all Bluetooth operations, such. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-20718 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe CSRF Commerce
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-25620 MEDIUM PATCH This Month

Helm is a tool for managing Charts. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kubernetes Helm
NVD GitHub
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-25940 MEDIUM This Month

`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-21728 MEDIUM This Month

An Open Redirect vulnerability was found in osTicky2 below 2.2.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Osticky
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21727 MEDIUM This Month

XSS vulnerability in DP Calendar component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dpcalendar
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-24256 MEDIUM This Month

SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Yonyou
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-20749 MEDIUM PATCH This Month

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2024-20748 MEDIUM PATCH This Month

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2024-20747 MEDIUM PATCH This Month

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.4%
CVE-2024-20736 MEDIUM PATCH This Month

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
3.2%
CVE-2024-20735 MEDIUM PATCH This Month

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2024-20734 MEDIUM PATCH This Month

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Use After Free Adobe Denial Of Service Memory Corruption Acrobat Dc +3
NVD
CVSS 3.1
5.5
EPSS
3.3%
CVE-2024-20733 MEDIUM PATCH This Month

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Adobe Denial Of Service Acrobat Dc Acrobat Reader Dc Acrobat +1
NVD
CVSS 3.1
5.5
EPSS
3.4%
CVE-2024-20725 MEDIUM This Month

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20724 MEDIUM This Month

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20722 MEDIUM This Month

Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0708 MEDIUM PATCH This Month

The Landing Page Cat - Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Landing Page Cat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-20716 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Denial Of Service Commerce
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-25559 MEDIUM This Month

URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect A Blog Cms
NVD
CVSS 3.1
4.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy