Skip to main content
CVE-2024-20851 MEDIUM This Month

Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Cloud
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20850 MEDIUM This Month

Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Samsung Pay
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27334 MEDIUM This Month

Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Power Pdf
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-20799 MEDIUM This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1300 MEDIUM PATCH This Month

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2024-1732 MEDIUM This Month

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wads_removeProductFromShop(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-3160 MEDIUM This Month

** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-25075 MEDIUM This Month

An issue was discovered in Softing uaToolkit Embedded before 1.41.1. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2024-20853 MEDIUM This Month

Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Themes
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2024-30531 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.2.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-30532 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Builderall Builder for WordPress.0.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2024-22247 MEDIUM This Month

VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass VMware
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-26671 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-2931 MEDIUM PATCH This Month

The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Wpfront User Role Editor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1504 MEDIUM This Month

The SecuPress Free - WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Secupress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-30370 MEDIUM This Month

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Winrar
NVD
CVSS 3.0
4.3
EPSS
1.2%
CVE-2024-2435 MEDIUM PATCH This Month

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-3142 MEDIUM This Month

A vulnerability was found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy