Skip to main content
CVE-2024-24903 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

Authentication Bypass Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-1453 HIGH This Week

In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25552 HIGH This Week

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Com Port Redirector Legacy Com Port Redirector Plug Play Opc Server
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-25578 HIGH This Week

MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Dicom Viewer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22100 HIGH This Week

MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Dicom Viewer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-1941 HIGH This Week

Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Cncsoft B
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-24907 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-24905 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-24904 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-24906 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-1869 HIGH This Week

Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Information Disclosure Cq893C Firmware Cq891C Firmware
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-2076 HIGH This Week

A vulnerability was found in CodeAstro House Rental Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP House Rental Management System
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-27139 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Archiva
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-27138 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Archiva
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-24900 HIGH PATCH This Week

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Authentication Bypass Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-2062 HIGH This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-2061 HIGH This Week

A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-2060 HIGH This Week

A vulnerability classified as critical has been found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-2059 HIGH This Week

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-2058 HIGH This Week

A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-2074 MEDIUM This Month

A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.8%
CVE-2024-2068 MEDIUM This Month

A vulnerability was found in SourceCodester Computer Inventory System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Computer Inventory System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.5%
CVE-2024-2066 MEDIUM This Month

A vulnerability was found in SourceCodester Computer Inventory System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Computer Inventory System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2065 MEDIUM This Month

A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Barangay Population Monitoring System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2078 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Helpdeskz
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-23492 MEDIUM This Month

A weak encoding is used to transmit credentials for WS203VICM. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-27950 MEDIUM This Month

Missing Authorization vulnerability in Sirv CDN and Image Hosting Sirv sirv.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-27949 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Sirv CDN and Image Hosting Sirv sirv.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-27140 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Archiva
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2024-1120 MEDIUM PATCH This Month

The NextMove Lite - Thank You Page for WooCommerce and Finale Lite - Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Finale Nextmove
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-27296 MEDIUM PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-22458 MEDIUM PATCH This Month

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dell Secure Connect Gateway
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-2063 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Petrol Pump Management
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-26280 MEDIUM PATCH This Month

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Apache Airflow
NVD GitHub
CVSS 3.1
4.7
EPSS
1.9%
CVE-2024-0967 MEDIUM This Month

A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy