Skip to main content
CVE-2024-29896 HIGH PATCH This Week

Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Astro Shield
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31136 HIGH This Week

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-2947 HIGH This Week

A flaw was found in Cockpit. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2024-0259 HIGH This Week

Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Robot Schedule
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-27775 HIGH This Week

SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-36679 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.6.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Spectra
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-25599 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-30200 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR allows Reflected XSS.1.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bear Woocommerce Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-27999 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS.2.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-28002 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS.8.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-28001 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Favicon Rotator allows Reflected XSS.2.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-34370 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates - Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.2.4; Premium. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0980 HIGH This Week

The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code. Rated high severity (CVSS 7.1). No vendor patch available.

RCE Path Traversal Microsoft
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-25961 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-52234 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Elite for WooCommerce.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Booster For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-52231 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Booster Booster Plus for WooCommerce.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Booster For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-30422 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.13.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-25506 MEDIUM This Month

Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-25971 MEDIUM This Month

Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell XXE Powerprotect Data Manager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-31134 MEDIUM This Month

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-29898 MEDIUM PATCH This Month

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Createwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-2818 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-2111 MEDIUM PATCH This Month

The Events Manager - Calendar, Bookings, Tickets, and more!. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Events Manager
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-29316 MEDIUM PATCH This Month

NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nodebb
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2022-45850 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS.6.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-28091 MEDIUM This Month

Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31137 MEDIUM This Month

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31135 MEDIUM This Month

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25953 MEDIUM This Month

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-25952 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-28016 MEDIUM This Month

Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P,. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2023-50374 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP - Coming Soon & Maintenance.1.10. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-30221 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-25959 MEDIUM This Month

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-2091 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.2 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elementor Addon Elements Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-28003 MEDIUM This Month

Missing Authorization vulnerability in Megamenu Max Mega Menu.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-28004 MEDIUM This Month

Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.0.248. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Colibri Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-28090 MEDIUM This Month

Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
3.6%
CVE-2024-31138 MEDIUM This Month

In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
74.5%
CVE-2024-29239 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29238 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29237 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29236 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29235 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29234 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29233 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29232 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29231 MEDIUM This Month

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-29230 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-29227 MEDIUM This Month

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Synology Surveillance Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy