Skip to main content
CVE-2024-32587 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS.2. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2024-31229 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.2.3. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-26921 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-32142 MEDIUM This Month

Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-29986 MEDIUM This Month

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-32686 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-32601 MEDIUM This Month

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-29003 MEDIUM This Month

The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS Solarwinds Platform
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-6897 MEDIUM PATCH This Month

The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'alg_wc_ean_product_meta' shortcode due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Ean For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-32689 MEDIUM This Month

Missing Authorization vulnerability in GenialSouls WP Social Comments.7.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-41864 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-32604 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall.26.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-23557 MEDIUM This Month

HCL Connections contains a user enumeration vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Connections
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-32466 MEDIUM PATCH This Month

Tolgee is an open-source localization platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Tolgee
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-31869 MEDIUM PATCH This Month

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Airflow
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2024-3928 MEDIUM This Month

A vulnerability was found in Dromara open-capacity-platform 2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-28076 LOW Monitor

The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. Rated low severity (CVSS 3.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Open Redirect Solarwinds Platform
NVD
CVSS 3.1
3.8
EPSS
0.3%
CVE-2024-3931 LOW Monitor

A vulnerability was found in Totara LMS up to 18.7. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Totara
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2024-3932 LOW Monitor

A vulnerability classified as problematic has been found in Totara LMS up to 18.7. Rated low severity (CVSS 1.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF
NVD VulDB
CVSS 4.0
1.3
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy