Skip to main content
CVE-2024-22854 MEDIUM POC This Month

DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Redirect Threat Visualizer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25627 MEDIUM POC This Month

Alf.io is a free and open source event attendance management system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alf
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-21984 MEDIUM PATCH This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required.

XSS Storagegrid
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2024-21983 MEDIUM PATCH This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Storagegrid
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-24750 MEDIUM PATCH This Month

Undici is an HTTP/1.1 client, written from scratch for Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Undici
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-0032 MEDIUM PATCH This Month

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0020 MEDIUM PATCH This Month

In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0017 MEDIUM PATCH This Month

In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0030 MEDIUM PATCH This Month

In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-21987 MEDIUM This Month

SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Snapcenter
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-0016 MEDIUM PATCH This Month

In multiple locations, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-0019 MEDIUM PATCH This Month

In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Denial Of Service Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2024-24758 MEDIUM PATCH This Month

Undici is an HTTP/1.1 client, written from scratch for Node.js. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure Undici
NVD GitHub
CVSS 3.1
4.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy