Skip to main content
CVE-2024-30840 MEDIUM This Month

A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Denial Of Service Ac15 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-3783 MEDIUM This Month

The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Wbsairback
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-23594 MEDIUM This Month

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Stack Overflow Lenovo Microsoft RCE
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-23558 MEDIUM This Month

HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hcl Devops Deploy Hcl Launch
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-3804 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408.1.5/server/fileupload2.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-31990 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-3803 MEDIUM This Month

A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-27794 MEDIUM This Month

Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Filemaker Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-23559 MEDIUM This Month

HCL DevOps Deploy / Launch is generating an obsolete HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hcl Devops Deploy Hcl Launch
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-32489 MEDIUM PATCH This Month

TCPDF before 6.7.4 mishandles calls that use HTML syntax. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Tcpdf
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3776 MEDIUM This Month

The parameter used in the login page of Netvision airPASS is not properly filtered for user input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Airpass
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24898 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-24891 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-32453 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS.9.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Poeditor
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32429 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPChill Remove Footer Credit allows Stored XSS.0.13. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remove Footer Credit
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32428 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moss Web Works MWW Disclaimer Buttons allows Stored XSS.0.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mww Disclaimer Buttons
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-52144 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager.3.15. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-31373 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf e2pdf e2pdf.20.27. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31425 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in TMS Amelia.0.95. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31378 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mailchimp Forms
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31389 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ertano MihanPanel.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31933 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team Page Builder: Live Composer.5.35. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31434 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The Newsletter Team Newsletter.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32103 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Siteimprove.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32097 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32096 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migration Plugin DB & Files - WP Synchro.11.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32452 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart.5.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32449 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie RestroPress.1.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32446 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce.5.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32445 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition.05.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32093 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze Novelist.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32092 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimili Flash Embed.5.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-31941 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Media Player.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32085 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.20.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Citadela Listing
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-31432 MEDIUM This Month

Missing Authorization vulnerability in StellarWP Restrict Content.2.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-28957 MEDIUM This Month

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cente Ipv6 Cente Ipv6 Snmpv2 Cente Ipv6 Snmpv3 Cente Tcp Ipv4 +2
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-28894 MEDIUM This Month

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cente Ipv6 Cente Ipv6 Snmpv2 Cente Ipv6 Snmpv3
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-3774 MEDIUM This Month

aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A Hrd
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-23560 MEDIUM This Month

HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hcl Devops Deploy Hcl Launch
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-32129 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official).3.6. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-32431 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Wp All Import
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-32430 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.1.14. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Activecampaign
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-32454 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more - Wappointment.6.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-31374 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Scott Bolinger AppPresser apppresser allows Cross Site Request Forgery.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31388 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Pauple Table & Contact Form 7 Database - Tablesome.0.25. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31923 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31421 MEDIUM This Month

Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic.10.27. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31382 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in creativethemeshq Blocksy blocksy.0.22. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31942 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31381 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in RebelCode Spotlight Social Media Feeds.6.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy