Skip to main content
CVE-2024-3179 MEDIUM PATCH This Month

Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3178 MEDIUM PATCH This Month

Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-2753 MEDIUM PATCH This Month

Concrete CMS version 9 before 9.2.8 and previous versions prior to 8.5.16 is vulnerable to Stored XSS on the calendar color settings screen since Information input by the user is output without. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-26698 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 ("hv_netvsc: Disable NAPI before. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-2689 MEDIUM PATCH This Month

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2024-26769 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid deadlock on delete association path When deleting an association the shutdown path is deadlocking because we try to. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-26747 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-26712 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused by page alignment In kasan_init_region, when k_start is not page aligned, at the begin of for. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-20302 MEDIUM This Month

A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard Orchestrator
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-20283 MEDIUM This Month

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Nexus Dashboard
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-31393 MEDIUM This Month

Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-31419 MEDIUM This Month

An information disclosure flaw was found in OpenShift Virtualization. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-30329 LOW Monitor

Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Pdf Editor +1
NVD
CVSS 3.0
3.3
EPSS
0.7%
CVE-2024-27345 LOW Monitor

Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Power Pdf
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2024-26764 LOW PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy