Skip to main content
CVE-2024-32970 HIGH PATCH This Week

Phlex is a framework for building object-oriented views in Ruby. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google Mozilla
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-33465 HIGH This Week

Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-3746 MEDIUM This Month

The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Scadapro Server
NVD
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-23772 MEDIUM This Month

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Microsoft
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-1371 MEDIUM This Month

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0216 MEDIUM This Month

The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress SSRF
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-34149 MEDIUM This Month

In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-33103 MEDIUM This Month

An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS File Upload
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2877 MEDIUM This Month

Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22405 MEDIUM This Month

XADMaster is an objective-C library for archive and file unarchiving and extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-34044 MEDIUM This Month

The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-34043 MEDIUM This Month

O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ric App Kpimon Go
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-3072 MEDIUM This Month

The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34047 MEDIUM PATCH This Month

O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ric Plt E2Mgr
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-4226 LOW Monitor

It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Octopus Server
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-4327 LOW Monitor

A vulnerability was found in Apryse WebViewer up to 10.8.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
3.5
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy