Skip to main content
CVE-2024-26269 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-25147 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-26311 MEDIUM This Month

Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-26584 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25905 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.7.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Multi Step Form
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-25151 MEDIUM PATCH This Month

The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26266 MEDIUM PATCH This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25603 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25602 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25601 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25152 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Liferay Portal Digital Experience Platform
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-1562 MEDIUM PATCH This Month

The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google WordPress Authentication Bypass Woocommerce Google Sheet Connector
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-26138 MEDIUM PATCH This Month

The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Application Licensing
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-26133 MEDIUM PATCH This Month

EventStoreDB (ESDB) is an operational database built to store events. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Eventstoredb
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-1501 MEDIUM PATCH This Month

The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Database Reset
NVD VulDB
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-26585 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-26583 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-24837 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.44.3; FG Drupal to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24802 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jtrt Responsive Tables
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24798 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Debug
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-25904 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Tinymce And Tinymce Advanced Professsional Formats And Styles
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24876 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Admin Menu Editor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24872 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Builder
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24849 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Quicksand Post Filter Jquery
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-26310 MEDIUM This Month

Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-26145 MEDIUM PATCH This Month

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Calendar
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-1706 LOW Monitor

A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zkbio Access Ivs
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy