Skip to main content
CVE-2024-1135 HIGH PATCH This Week

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2024-3067 HIGH PATCH This Week

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi Google WordPress Woocommerce Google Feed Manager
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-21110 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-21083 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-21026 HIGH This Week

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-30380 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS), which. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-20989 HIGH This Week

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony POS). Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Denial Of Service Oracle Hospitality Simphony
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2024-30378 MEDIUM This Month

A Use After Free vulnerability in command processing of Juniper Networks Junos OS on MX Series allows a local, authenticated attacker to cause the broadband edge service manager daemon (bbe-smgd) to. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Juniper Denial Of Service Memory Corruption Junos
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-21107 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Microsoft Vm Virtualbox
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2024-32632 MEDIUM This Month

A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Asr1803Sc Firmware Asr1607 Firmware Asr3603 Firmware Asr1806 Firmware +9
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-32557 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.6.9.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-21121 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-21106 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-21104 MEDIUM This Month

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Zfs Storage Appliance Kit
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-21091 MEDIUM This Month

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Agile Product Lifecycle Management For Process
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-21089 MEDIUM This Month

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: Request Submission and Scheduling). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Concurrent Processing
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-21080 MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Applications Framework
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3855 MEDIUM This Month

In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-3872 MEDIUM This Month

Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Mobile
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3672 MEDIUM PATCH This Month

The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ba Book Everything
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1357 MEDIUM This Month

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-30567 MEDIUM This Month

An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-3860 MEDIUM This Month

An out-of-memory condition during object initialization could result in an empty shape list. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-21072 MEDIUM This Month

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Data Provider UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Installed Base
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21065 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21063 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (component: Benefits Administration). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Oracle Peoplesoft Enterprise Hcm Benefits Administration
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-21046 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21045 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21044 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-21043 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-21042 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21041 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21040 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21039 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21038 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21037 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21036 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21035 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21034 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21033 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21032 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-21031 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21030 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21029 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21028 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21027 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21025 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21024 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21023 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-21022 MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.1
6.1
EPSS
0.4%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy