Skip to main content
CVE-2024-2312 MEDIUM POC This Month

GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Authentication Bypass Debian Ubuntu +2
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2024-2509 MEDIUM POC This Month

The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gutenberg Blocks With Ai
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-3320 MEDIUM POC This Month

A vulnerability was found in SourceCodester eLearning System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Elearning System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3357 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aplaya Beach Resort Online Reservation System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-31213 MEDIUM POC This Month

InstantCMS is a free and open source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Instantcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3321 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester eLearning System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Elearning System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-29783 MEDIUM This Month

In tmu_get_tr_thresholds, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-2447 MEDIUM PATCH This Month

Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-28949 MEDIUM PATCH This Month

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-2499 MEDIUM This Month

The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-23592 MEDIUM This Month

An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Lenovo Microsoft
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-3346 MEDIUM This Month

A vulnerability was found in Byzoro Smart S80 up to 20240328. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
49.3%
CVE-2024-29754 MEDIUM This Month

In TMU_IPC_GET_TABLE, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-26329 MEDIUM This Month

Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG in ChilkatRand::randomBytes function. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-29747 MEDIUM This Month

In _dvfs_get_lv of dvfs.c, there is a possible out of bounds read due to a missing null check. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-27231 MEDIUM This Month

In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-28065 MEDIUM This Month

In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-31852 MEDIUM This Month

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2024-27437 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ Currently for devices requiring masking at the irqchip for INTx, ie. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-26812 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-29782 MEDIUM This Month

In tmu_get_tr_num_thresholds of tmu.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29751 MEDIUM This Month

In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a possible OOB Read due to a missing null check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Information Disclosure Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29750 MEDIUM This Month

In km_exp_did_inner of kmv.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29745 MEDIUM KEV THREAT This Month

there is a possible Information Disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-29744 MEDIUM This Month

In tmu_get_gov_time_windows, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29742 MEDIUM This Month

In apply_minlock_constraint of dvfs.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29739 MEDIUM This Month

In tmu_get_temp_lut of tmu.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-29738 MEDIUM This Month

In gov_init, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27232 MEDIUM This Month

In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Information Disclosure Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-26814 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26813 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5692 MEDIUM This Month

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2024-2380 MEDIUM This Month

Stored XSS in graph rendering in Checkmk <2.3.0b4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Checkmk
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-27910 MEDIUM This Month

A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-27909 MEDIUM This Month

A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-27908 MEDIUM This Month

A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Denial Of Service
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-26810 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTx configuration. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-29755 MEDIUM This Month

In tmu_get_pi of tmu.c, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy