Skip to main content
CVE-2024-25831 MEDIUM POC This Month

F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Datacube3
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-26458 MEDIUM POC This Month

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kerberos 5 Active Iq Unified Manager Cloud Volumes Ontap Mediator Management Services For Element Software And Netapp Hci +5
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-6090 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Mollie Mollie Payments for WooCommerce.3.11. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Mollie Payments For Woocommerce
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-25128 CRITICAL PATCH Act Now

Flask-AppBuilder is an application development framework, built on top of Flask. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Python Flask Appbuilder
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-25065 CRITICAL Act Now

Possible path traversal in Apache OFBiz allowing authentication bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Apache Ofbiz
NVD
CVSS 3.1
9.1
EPSS
47.7%
CVE-2024-1206 HIGH PATCH This Week

The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Recipe Maker Bootstrap
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-1317 HIGH PATCH This Week

The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Rss Aggregator By Feedzy
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-1619 HIGH This Week

Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Security
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-1977 MEDIUM POC This Month

The Restaurant Solutions - Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Restaurant Solutions Checklist
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-23519 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.9.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Email Before Download
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-20321 HIGH This Week

A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-20267 HIGH This Week

A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2024-0604 MEDIUM POC This Month

The Best WordPress Gallery Plugin - FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress Foogallery
NVD VulDB
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-0602 MEDIUM POC PATCH This Month

The YARPP - Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

WordPress XSS Yet Another Related Posts Plugin
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-25262 HIGH This Week

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-25006 HIGH This Week

XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Xenforo
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-27294 HIGH PATCH This Week

dp-golang is a Puppet module for Go installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Apple Information Disclosure Dp Golang
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1595 HIGH This Week

Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cncsoft B Dopsoft
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20765 HIGH This Week

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-26131 HIGH PATCH This Week

Element Android is an Android Matrix Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Google Element
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-1470 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Microsoft Client Login Extension
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1217 HIGH PATCH This Week

The Contact Form builder with drag & drop for WordPress - Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Contact Form Builder
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-2009 HIGH This Week

A vulnerability was found in Nway Pro 9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Nway Pro
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-27284 HIGH PATCH This Week

cassandra-rs is a Cassandra (CQL) driver for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Cassandra Rs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23302 HIGH This Week

Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-26146 HIGH PATCH This Week

Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rack Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-0702 HIGH This Week

The Oliver POS - A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Authentication Bypass Oliver Pos
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-25093 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gd Rating System
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-21752 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.11.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Ajax Search
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-1437 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in José Fernandez Adsmonetizer allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adsmonetizer
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-50905 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.6.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0068 HIGH This Week

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.7.1. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Workforce Access
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-0379 MEDIUM PATCH This Month

The Custom Twitter Feeds - A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.9%.

WordPress CSRF Custom Twitter Feeds
NVD VulDB
CVSS 3.1
4.3
EPSS
13.9%
CVE-2024-1519 MEDIUM PATCH This Month

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Profilepress
NVD VulDB
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-0438 MEDIUM This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Happy Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
1.7%
CVE-2023-6923 MEDIUM PATCH This Month

The Matomo Analytics - Ethical Stats. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Matomo
NVD VulDB
CVSS 3.1
6.1
EPSS
2.5%
CVE-2024-20294 MEDIUM This Month

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Extensible Operating System Nx Os Unified Computing System
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-0838 MEDIUM This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Happy Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.9%
CVE-2024-1425 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.8%
CVE-2024-1043 MEDIUM PATCH This Month

The AMP for WP - Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Accelerated Mobile Pages
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-1318 MEDIUM PATCH This Month

The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rss Aggregator By Feedzy
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-25594 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Mywaze
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25098 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio - with Cache Support allows Stored XSS.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pb Oembed Html5 Audio
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25094 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Jura & Nicolas Montigny PJ News Ticker allows Stored XSS.9.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pj News Ticker
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-1349 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-24988 MEDIUM PATCH This Month

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-23493 MEDIUM PATCH This Month

Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1242 MEDIUM This Month

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Premium Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-1235 MEDIUM PATCH This Month

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1570 MEDIUM PATCH This Month

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Profilepress
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.2%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy