Skip to main content
CVE-2024-20778 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-31353 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.7.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slideshow Gallery
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-31302 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.3.44. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Contact Form Email
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-31230 MEDIUM This Month

Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.8.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-31242 MEDIUM This Month

Missing Authorization vulnerability in Bricksforge.0.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-1481 MEDIUM This Month

A flaw was found in FreeIPA. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-3386 MEDIUM This Month

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-2730 MEDIUM This Month

Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-23734 MEDIUM This Month

Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF S Notify
NVD
CVSS 3.1
5.2
EPSS
0.1%
CVE-2024-3388 MEDIUM This Month

A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os Prisma Access
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-3448 MEDIUM This Month

Users with low privileges can perform certain AJAX actions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-31464 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-31253 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.3.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Wp Oauth Server
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-31282 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder.8.7. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect App Builder
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-31278 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.10.22. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-22448 MEDIUM This Month

Dell BIOS contains an Out-of-Bounds Write vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Denial Of Service Memory Corruption Alienware M15 R6 Firmware +267
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-31386 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-31944 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping - Live Rates and Access Points.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31430 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR - Bulk Editor and Products Manager Professional for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Bear Woocommerce Bulk Editor And Products Manager Professional Wolf Wordpress Posts Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31939 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.7.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31943 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce - Live Rates.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31924 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in nosilver4u EWWW Image Optimizer ewww-image-optimizer.2.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-32001 MEDIUM PATCH This Month

SpiceDB is a graph database purpose-built for storing and evaluating access control data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Spicedb
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-31995 MEDIUM PATCH This Month

`@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-31254 LOW Monitor

Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.4.7. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Information Disclosure Backup And Migration
NVD
CVSS 3.1
3.7
EPSS
1.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy