Skip to main content
CVE-2024-2303 MEDIUM This Month

The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'textillate' shortcode in all versions up to, and including, 2.01 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2170 MEDIUM PATCH This Month

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Vk All In One Expansion Unit
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-29881 MEDIUM PATCH This Month

TinyMCE is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-29203 MEDIUM PATCH This Month

TinyMCE is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-28126 MEDIUM This Month

Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-26018 MEDIUM This Month

Cross-site scripting vulnerability exists in TvRock 0.9t8a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-25965 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.2.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2024-2889 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon.6.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-2971 MEDIUM This Month

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26649 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26648 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc *dc' & 'struct. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Amd Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26647 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' In link_set_dsc_pps_packet(), 'struct. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Amd Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26646 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Buffer Overflow Intel Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26645 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26644 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25957 MEDIUM This Month

Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Microsoft Grab
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25956 MEDIUM This Month

Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Microsoft Grab
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32237 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.8.1.1; TheGem. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-2732 MEDIUM PATCH This Month

The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider shortcode in all versions up to, and including, 2.0.8 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Themify Shortcodes
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-28034 MEDIUM This Month

Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-27630 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.0.9.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-24805 MEDIUM This Month

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-29735 MEDIUM PATCH This Month

Improper Preservation of Permissions vulnerability in Apache Airflow.8.2 through 2.8.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Apache Information Disclosure Docker Airflow
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2024-29199 MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nautobot
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-26303 MEDIUM This Month

Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-22356 MEDIUM PATCH This Month

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Integration Bus App Connect Enterprise
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-30235 MEDIUM This Month

Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin - MPG.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Multiple Page Generator
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-52214 MEDIUM This Month

Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Void Contact Form 7 Widget For Elementor Page Builder Elementor
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-49838 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in KlbTheme Clotya theme, KlbTheme Cosmetsy theme, KlbTheme Furnob theme, KlbTheme Bacola theme, KlbTheme Partdo theme, KlbTheme Medibazar theme,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-24711 MEDIUM This Month

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.0.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-23520 MEDIUM This Month

Missing Authorization vulnerability in AccessAlly PopupAlly.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Popupally
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-2904 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope.0.33. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Calliope
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24719 MEDIUM This Month

Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce.8.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24718 MEDIUM This Month

Missing Authorization vulnerability in PropertyHive.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Propertyhive
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-2951 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.3.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Registrationmagic
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-25137 MEDIUM This Month

In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy