Skip to main content
CVE-2024-29905 MEDIUM PATCH This Month

DIRAC is an interware, meaning a software framework for distributed computing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Dirac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-29064 MEDIUM This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-29063 MEDIUM This Month

Azure AI Search Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Microsoft Azure Ai Search
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-28902 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-28901 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-28900 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-26255 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-26209 MEDIUM This Month

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
14.8%
CVE-2024-26207 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-26172 MEDIUM This Month

Windows DWM Core Library Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-2302 MEDIUM PATCH This Month

The Easy Digital Downloads - Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Easy Digital Downloads
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-2786 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Happy Addons For Elementor Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-1641 MEDIUM This Month

The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-0626 MEDIUM This Month

The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-31369 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Soledad
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-0899 MEDIUM This Month

The s2Member - Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Information Exposure in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-27665 MEDIUM This Month

Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-28191 MEDIUM PATCH This Month

Contao is an open source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Contao
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-28190 MEDIUM PATCH This Month

Contao is an open source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Contao
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-2974 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Essential Addons For Elementor Elementor
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-3213 MEDIUM PATCH This Month

The Relevanssi - A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Relevanssi
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1984 MEDIUM This Month

The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-31863 MEDIUM PATCH This Month

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.10.1 before 0.11.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Zeppelin
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-31862 MEDIUM PATCH This Month

Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.10.1 before 0.11.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Zeppelin
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2024-27898 MEDIUM This Month

SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Netweaver
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1790 MEDIUM This Month

The WordPress Infinite Scroll - Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal WordPress
NVD VulDB
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-26220 MEDIUM This Month

Windows Mobile Hotspot Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.0
EPSS
1.1%
CVE-2024-0662 MEDIUM PATCH This Month

The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Fancybox
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-26277 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions <. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-26276 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versions < V35.1.254), Parasolid V36.0 (All versions < V36.0.207), Parasolid V36.1 (All versions <. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jt2Go Parasolid Teamcenter Visualization
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-30215 MEDIUM This Month

The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-30214 MEDIUM This Month

The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-3521 MEDIUM This Month

A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
1.2%
CVE-2024-28234 MEDIUM PATCH This Month

Contao is an open source content management system. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Contao
NVD GitHub
CVSS 3.1
4.7
EPSS
0.6%
CVE-2024-1571 MEDIUM PATCH This Month

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video Embed parameter in all versions up to, and including, 9.2.1 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Recipe Maker Bootstrap
NVD VulDB
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-1463 MEDIUM This Month

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including,. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Learnpress
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-1904 MEDIUM This Month

The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Masterstudy Lms
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1387 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure WordPress Authentication Bypass Happy Addons For Elementor Elementor
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-0872 MEDIUM PATCH This Month

The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure WordPress Authentication Bypass Watu Quiz
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-2261 MEDIUM This Month

The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-2033 MEDIUM This Month

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-2222 MEDIUM This Month

The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-6965 MEDIUM This Month

The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Pods
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1637 MEDIUM This Month

The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-3545 MEDIUM This Month

Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Microsoft Devolutions Server Remote Desktop Manager
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-31455 MEDIUM PATCH This Month

Minder by Stacklok is an open source software supply chain security platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2024-29056 MEDIUM PATCH This Month

Windows Authentication Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2024-30217 MEDIUM This Month

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-30216 MEDIUM This Month

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-28922 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
4.1
EPSS
0.7%
Prev Page 7 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy