Skip to main content
CVE-2024-23836 HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Suricata Denial Of Service Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-23835 HIGH PATCH This Week

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Suricata Denial Of Service Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-22371 HIGH PATCH This Week

Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Camel
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-22201 HIGH PATCH This Week

Jetty is a Java based web server and servlet engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Jetty Debian Linux Active Iq Unified Manager +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-1622 HIGH This Week

Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routinator Fedora
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-24714 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.1.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Icons Font Loader
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-25082 MEDIUM PATCH This Month

Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Fontforge Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2024-0387 MEDIUM This Month

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eds 4008 Firmware Eds 4009 Firmware Eds 4012 Firmware Eds 4014 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-26468 MEDIUM This Month

A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Url Pages
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26467 MEDIUM This Month

A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Railroad Diagram Generator
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26466 MEDIUM This Month

A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Web Platform Tests
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26465 MEDIUM This Month

A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-0436 MEDIUM PATCH This Month

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Anythingllm
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-26606 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26605 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Lenovo Information Disclosure Qualcomm Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26604 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Revert "kobject: Remove redundant checks for whether ktype is NULL" This reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26603 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Stop relying on userspace for info to fault in xsave buffer Before this change, the expected size of the user space buffer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26602 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26601 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26600 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-1758 MEDIUM PATCH This Month

The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Superfaktura Woocommerce
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-27087 MEDIUM PATCH This Month

Kirby is a content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kirby
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-1890 MEDIUM This Month

Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sunny Webbox Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1871 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Employee Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-0435 MEDIUM PATCH This Month

User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Anythingllm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1436 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit.0.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Myshopkit
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-24568 MEDIUM PATCH This Month

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Suricata Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-1165 MEDIUM PATCH This Month

The Brizy - Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Brizy
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-25081 MEDIUM PATCH This Month

Splinefont in FontForge through 20230101 allows command injection via crafted filenames. Rated medium severity (CVSS 4.2).

Command Injection Fontforge Debian Linux Fedora
NVD GitHub
CVSS 3.1
4.2
EPSS
1.1%
CVE-2023-5775 LOW PATCH Monitor

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable.

Information Disclosure WordPress Backwpup
NVD VulDB
CVSS 3.1
2.2
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy