Skip to main content
CVE-2024-32726 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-32781 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23976 HIGH This Week

Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.1.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Registrationmagic
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-20313 HIGH This Week

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-32950 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-32785 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS).0.8.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF The Pack Elementor Addons Elementor
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-32952 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.6.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-32702 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reputeinfosystems ARForms arforms.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-32958 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).8.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-32789 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).1.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27791 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Buffer Overflow Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-3371 MEDIUM This Month

MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Compass
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-20358 MEDIUM This Month

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Adaptive Security Appliance Software Firepower Threat Defense Software
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2022-45852 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-32721 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jeg Elementor Kit Elementor
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-32711 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32791 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor.10.25. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32956 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-23271 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32723 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Tides Advanced Floating Content allows Stored XSS.2.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32675 MEDIUM This Month

Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32951 MEDIUM This Month

Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0151 MEDIUM This Month

Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-32051 MEDIUM This Month

Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-32803 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.40.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-32780 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in E4J s.R.L. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-32833 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Halsey List Custom Taxonomy Widget allows Stored XSS.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32815 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Peters All-in-one Like Widget all-in-one-facebook-like-widget.2.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32707 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Image Slider Widget allows Stored XSS.1.125. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32722 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.2.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32834 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce Shipping Label allows Stored XSS.3.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32801 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin Widget Post Slider allows Stored XSS.3.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-4141 MEDIUM This Month

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-32872 MEDIUM PATCH This Month

Umbraco workflow provides workflows for the Umbraco content management system. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-28977 MEDIUM This Month

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dell Repository Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-28963 MEDIUM This Month

Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Telemetry Dashboard
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-32835 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.5.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32812 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.0.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Podlove Podcast Publisher
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32793 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.12.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Paid Memberships Pro
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32808 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-47774 MEDIUM This Month

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jetpack
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-32788 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.20.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-32716 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.7.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-25790 MEDIUM This Month

Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass XSS
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-48763 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.1.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-32678 MEDIUM This Month

Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.7.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-25785 MEDIUM This Month

Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-32127 MEDIUM This Month

Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-23989 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-32823 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post - WP Rating System.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rate My Post
NVD
CVSS 3.1
5.3
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy