Skip to main content
CVE-2024-29413 MEDIUM This Month

Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a remote attacker to run arbitrary code via the Instant messenger field in the Contact info function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20367 MEDIUM This Month

A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Enterprise Chat And Email
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20334 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Telepresence Management Suite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3162 MEDIUM PATCH This Month

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Jeg Elementor Kit
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3218 MEDIUM This Month

A vulnerability classified as critical has been found in Shibang Communications IP Network Intercom Broadcasting System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-26755 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: md: Don't suspend the array for interrupted reshape md_start_sync() will suspend the array if there are spares that can be added or. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-26731 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() syzbot reported the following NULL pointer dereference. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-23540 MEDIUM This Month

The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-3181 MEDIUM PATCH This Month

Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3180 MEDIUM PATCH This Month

Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3179 MEDIUM PATCH This Month

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3178 MEDIUM PATCH This Month

Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-2753 MEDIUM PATCH This Month

Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-26698 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 ("hv_netvsc: Disable NAPI before. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-2689 MEDIUM PATCH This Month

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2024-26769 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid deadlock on delete association path When deleting an association the shutdown path is deadlocking because we try to. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-26747 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-26712 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused by page alignment In kasan_init_region, when k_start is not page aligned, at the begin of for. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-20302 MEDIUM This Month

A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard Orchestrator
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-20283 MEDIUM This Month

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-31393 MEDIUM This Month

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-31419 MEDIUM This Month

An information disclosure flaw was found in OpenShift Virtualization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy