Skip to main content
CVE-2024-28824 HIGH This Week

Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1848 HIGH This Week

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-2227 HIGH This Week

This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Identityiq
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-2725 HIGH This Week

Information exposure vulnerability in the CIGESv2 system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ciges
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2724 HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2723 HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2722 HIGH This Week

SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Ciges
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2449 HIGH This Week

A cross-site request forgery vulnerability has been identified in LoadMaster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Loadmaster
NVD
CVSS 3.1
7.5
EPSS
12.9%
CVE-2024-0638 MEDIUM This Month

Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-2500 MEDIUM This Month

The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-2392 MEDIUM PATCH This Month

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Blocksy Companion
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-29338 LOW POC Monitor

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Anchor Cms
NVD GitHub
CVSS 3.1
2.4
EPSS
0.3%
CVE-2024-0957 MEDIUM PATCH This Month

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Woocommerce Pdf Invoices Packing Slips Delivery Notes And Shipping Labels
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-2727 MEDIUM This Month

HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Ciges
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-2726 MEDIUM This Month

Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ciges
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-2728 MEDIUM This Month

Information exposure vulnerability in the CIGESv2 system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ciges
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-29865 MEDIUM This Month

Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siem
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28593 MEDIUM This Month

The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Moodle
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-26247 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Google Microsoft Edge
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2024-2080 MEDIUM This Month

The LiquidPoll - Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-29057 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2024-1742 LOW Monitor

Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy