Skip to main content
CVE-2024-23532 HIGH This Week

An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Ivanti Buffer Overflow RCE Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-23531 HIGH This Week

An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2024-23530 HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-23529 HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-23528 HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-23526 HIGH This Week

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-3600 HIGH This Week

The Poll Maker - Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Authentication Bypass Poll Maker
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-32409 HIGH This Week

An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Semcms
NVD VulDB
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-3684 HIGH This Week

A server side request forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin access to the appliance. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-3646 HIGH This Week

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-3470 HIGH This Week

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-31552 HIGH This Week

CuteHttpFileServer v.3.1 version has an arbitrary file download vulnerability, which allows attackers to download arbitrary files on the server and obtain sensitive information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-27984 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.1
EPSS
1.8%
CVE-2024-22905 HIGH This Week

Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow RCE Mbed Os
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2024-32478 MEDIUM This Month

Git Credential Manager (GCM) is a secure Git credential helper. Rated medium severity (CVSS 6.9). No vendor patch available.

Debian Information Disclosure
NVD GitHub
CVSS 3.1
6.9
EPSS
0.2%
CVE-2024-0671 MEDIUM This Month

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption 5th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel Driver +2
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-31992 MEDIUM PATCH This Month

Mealie is a self hosted recipe manager and meal planner. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Debian Denial Of Service Mealie
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-31587 MEDIUM This Month

SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-29968 MEDIUM This Month

An information disclosure vulnerability exists in Brocade SANnav before v2.3.1 and v2.3.0a when Brocade SANnav instances are configured in disaster recovery mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-29964 MEDIUM This Month

Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Docker Brocade Sannav
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-29958 MEDIUM This Month

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-27978 MEDIUM This Month

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-24991 MEDIUM This Month

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-23533 MEDIUM This Month

An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2024-3598 MEDIUM This Month

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Elementskit
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3560 MEDIUM This Month

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Learnpress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3731 MEDIUM PATCH This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-3615 MEDIUM PATCH This Month

The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Media Library Folders
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-3654 MEDIUM This Month

An XSS vulnerability has been found in Teimas Global's Teixo, version 1.42.42-stable. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-29183 MEDIUM This Month

OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-29967 MEDIUM This Month

In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker Brocade Sannav
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-2440 MEDIUM This Month

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-1065 MEDIUM This Month

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption 5th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel Driver +1
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-29965 MEDIUM This Month

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-31584 MEDIUM PATCH This Month

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Pytorch
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-29962 MEDIUM This Month

Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Brocade Sannav
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-3818 MEDIUM PATCH This Month

The Essential Blocks - Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Essential Blocks
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-32683 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Ultimate Review
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-29991 MEDIUM This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection RCE Google Microsoft Edge Chromium
NVD
CVSS 3.1
5.0
EPSS
0.6%
CVE-2024-31993 MEDIUM PATCH This Month

Mealie is a self hosted recipe manager and meal planner. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Mealie
NVD GitHub
CVSS 3.1
4.5
EPSS
0.4%
CVE-2024-3979 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in COVESA vsomeip up to 3.4.10. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Race Condition Information Disclosure
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-29963 LOW Monitor

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker Brocade Sannav
NVD
CVSS 3.1
3.8
EPSS
0.2%
CVE-2024-31991 LOW PATCH Monitor

Mealie is a self hosted recipe manager and meal planner. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Mealie
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy