Skip to main content
CVE-2024-28236 MEDIUM PATCH This Month

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Docker Worker
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-2182 MEDIUM This Month

A flaw was found in the Open Virtual Network (OVN). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-26197 MEDIUM This Month

Windows Standards-Based Storage Management Service Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2024-26185 MEDIUM This Month

Windows Compressed Folder Tampering Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 11 22h2 Windows 11 23h2
NVD
CVSS 3.1
6.5
EPSS
30.5%
CVE-2024-1303 MEDIUM This Month

Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Monitool
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-1227 MEDIUM This Month

An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-22045 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Sinema Remote Connect Client
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27279 MEDIUM This Month

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal A Blog Cms
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-22133 MEDIUM This Month

SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Fiori Front End Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1397 MEDIUM PATCH This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ht Mega
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1421 MEDIUM This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ht Mega
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1328 MEDIUM This Month

The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.14 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS WordPress Newsletter2Go
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2130 MEDIUM PATCH This Month

The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Cww Companion
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2031 MEDIUM This Month

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoom_recordings_by_meeting' shortcode in all versions up to, and including, 4.4.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Video Conferencing With Zoom
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-21430 MEDIUM PATCH This Month

Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure RCE Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
6.4
EPSS
0.7%
CVE-2024-24964 MEDIUM This Month

Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Skysea Client View
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-2371 MEDIUM This Month

Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-1529 MEDIUM This Month

Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Cms Made Simple
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1528 MEDIUM This Month

CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Cms Made Simple
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1304 MEDIUM This Month

Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Monitool
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-21584 MEDIUM This Month

Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pleasanter
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27902 MEDIUM This Month

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver As Abap
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2107 MEDIUM This Month

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure WordPress Blossom Spa
NVD VulDB
CVSS 3.1
5.8
EPSS
1.3%
CVE-2024-26181 MEDIUM This Month

Windows Kernel Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2024-26177 MEDIUM This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 11 23h2 +4
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2024-26174 MEDIUM This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2024-26160 MEDIUM This Month

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 11 22h2 Windows 11 23h2 +1
NVD
CVSS 3.1
5.5
EPSS
11.4%
CVE-2024-21408 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
4.5%
CVE-2024-20671 MEDIUM PATCH This Month

Microsoft Defender Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Microsoft Windows Defender Antimalware Platform
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2024-1302 MEDIUM This Month

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Monitool
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-24097 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Scholars Tracking System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28098 MEDIUM PATCH This Month

The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Pulsar
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2024-21419 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2024-0906 MEDIUM This Month

The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress F X Private Site
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-27305 MEDIUM PATCH This Month

aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Aiosmtpd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1410 MEDIUM PATCH This Month

Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Quiche
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-2049 MEDIUM This Month

Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Citrix Sd Wan 1000 Firmware Sd Wan 110 Firmware Sd Wan 1100 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-25997 MEDIUM This Month

An unauthenticated remote attacker can perform a log injection due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-25994 MEDIUM This Month

An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-28163 MEDIUM This Month

Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Process Integration
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-27900 MEDIUM This Month

Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Abap Platform
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-25645 MEDIUM This Month

Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-25644 MEDIUM This Month

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-21483 MEDIUM This Month

A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.2.4 only when manufactured between LQN231003... Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-21448 MEDIUM This Month

Microsoft Teams for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Teams
NVD
CVSS 3.1
5.0
EPSS
1.2%
CVE-2024-28112 MEDIUM This Month

Peering Manager is a BGP session management tool. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Peering Manager
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-26005 MEDIUM This Month

An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-26521 MEDIUM This Month

HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2023-4731 MEDIUM PATCH This Month

The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Ladipage
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-4729 MEDIUM This Month

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress CSRF Ladipage
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy