Skip to main content
CVE-2024-0159 MEDIUM This Month

Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Alienware Command Center
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-31245 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in ConvertKit.4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Convertkit Email Marketing Email Newsletter And Landing Pages
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-23083 MEDIUM This Month

Time4J Base v5.9.3 was discovered to contain a NullPointerException via the component net.time4j.format.internal.FormatUtils::useDefaultWeekmodel(Locale). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-3235 MEDIUM This Month

The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-31249 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Subscribe To Comments Reloaded
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-2733 MEDIUM PATCH This Month

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Bold Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-31298 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure User Spam Remover
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-31247 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress.70.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Fg Drupal
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-2666 MEDIUM This Month

The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Premium Addons For Elementor Elementor
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-2731 MEDIUM This Month

Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-26122 MEDIUM This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26098 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26097 MEDIUM This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26087 MEDIUM This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26084 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26079 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26076 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26047 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26046 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-20780 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-20779 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-20778 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-31353 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.7.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slideshow Gallery
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-31302 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.3.44. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Contact Form Email
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-31230 MEDIUM This Month

Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.8.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-31242 MEDIUM This Month

Missing Authorization vulnerability in Bricksforge.0.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-1481 MEDIUM This Month

A flaw was found in FreeIPA. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-3386 MEDIUM This Month

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-2730 MEDIUM This Month

Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-23734 MEDIUM This Month

Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF S Notify
NVD
CVSS 3.1
5.2
EPSS
0.1%
CVE-2024-3388 MEDIUM This Month

A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os Prisma Access
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-3448 MEDIUM This Month

Users with low privileges can perform certain AJAX actions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-31464 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-31253 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.3.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Wp Oauth Server
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-31282 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder.8.7. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect App Builder
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-31278 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.10.22. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-22448 MEDIUM This Month

Dell BIOS contains an Out-of-Bounds Write vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Denial Of Service Memory Corruption Alienware M15 R6 Firmware +267
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-31386 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-31944 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping - Live Rates and Access Points.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31430 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR - Bulk Editor and Products Manager Professional for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Bear Woocommerce Bulk Editor And Products Manager Professional Wolf Wordpress Posts Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31939 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.7.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31943 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce - Live Rates.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31924 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer.2.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-32001 MEDIUM PATCH This Month

SpiceDB is a graph database purpose-built for storing and evaluating access control data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Spicedb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-31995 MEDIUM PATCH This Month

`@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy