Skip to main content
CVE-2024-24028 MEDIUM This Month

Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Likeshop
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-29916 MEDIUM This Month

The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2024-26642 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-26643 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27277 MEDIUM This Month

The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Protect Plus
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-22352 MEDIUM This Month

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-1213 MEDIUM PATCH This Month

The Easy Social Feed - Social Photos Gallery - Post Feed - Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Easy Social Feed
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-1502 MEDIUM This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Tutor Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-28045 MEDIUM This Month

Improper neutralization of input within the affected product could lead to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-29133 MEDIUM PATCH This Month

Out-of-bounds Write vulnerability in Apache Commons Configuration.0 before 2.10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Commons Configuration Fedora
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2024-1142 MEDIUM This Month

Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-44595 MEDIUM This Month

Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp 2Fa
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-28834 MEDIUM This Month

A flaw was found in GnuTLS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-26307 MEDIUM This Month

Possible race condition vulnerability in Apache Doris. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Information Disclosure Apache Doris
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-28835 MEDIUM This Month

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-27190 MEDIUM This Month

Missing Authorization vulnerability in Jean-David Daviet Download Media.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Download Media
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-1503 MEDIUM This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Tutor Lms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1214 MEDIUM PATCH This Month

The Easy Social Feed - Social Photos Gallery - Post Feed - Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Easy Social Feed
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-26196 MEDIUM PATCH This Month

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2024-2748 MEDIUM This Month

A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy