Skip to main content
CVE-2024-29815 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS.3.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-29813 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CartFlows Inc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-30178 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simply Static Simply Static simply-static.1.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-29929 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WC Lovers WCFM - Frontend Manager for WooCommerce allows Stored XSS.7.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-29922 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quantum Cloud Slider Hero allows Stored XSS.6.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-29776 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.3.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eventprime
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-29819 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS.3.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-27188 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloudways Breeze breeze.1.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-29921 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in supsystic Photo Gallery by Supsystic gallery-by-supsystic.15.16. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-20265 MEDIUM This Month

A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-28853 MEDIUM This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Ampache
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-25392 MEDIUM This Month

An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rt Thread
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-30198 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS.8.5. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Buddyforms
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-26651 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-20324 MEDIUM This Month

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20309 MEDIUM This Month

A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-2120 MEDIUM This Month

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Navigation widget in all versions up to, and including, 3.20.1 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Website Builder Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-2121 MEDIUM This Month

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Carousel widget in all versions up to, and including, 3.20.1 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Elementor Pro Elementor
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-44999 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.6.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Stripe Payment Gateway
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-23515 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.159. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-2995 MEDIUM This Month

A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Denial Of Service
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29888 MEDIUM PATCH This Month

Saleor is an e-commerce platform that serves high-volume companies. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Saleor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-28784 MEDIUM This Month

IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-2962 MEDIUM This Month

The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-29886 MEDIUM PATCH This Month

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Serverpod
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-20316 MEDIUM This Month

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-2244 MEDIUM This Month

REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-29892 MEDIUM PATCH This Month

ZITADEL, open source authentication management software, uses Go templates to render the login UI. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zitadel
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2024-2954 MEDIUM This Month

The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Action Network
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-2956 MEDIUM This Month

The Simple Ajax Chat - Add a Fast, Secure Chat Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20231101 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-23510 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dont Muck My Markup
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-20333 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Catalyst Center
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-25394 MEDIUM This Month

A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Rt Thread
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-26652 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.1
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy