Skip to main content
CVE-2024-1695 MEDIUM This Month

A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. Rated medium severity (CVSS 5.7). No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-4568 MEDIUM This Month

In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-34091 MEDIUM This Month

An issue was discovered in Archer Platform 6 before 2024.04. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-34090 MEDIUM This Month

An issue was discovered in Archer Platform 6 before 2024.04. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-34089 MEDIUM This Month

An issue was discovered in Archer Platform 6 before 2024.04. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-34064 MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jinja Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-34368 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager.15.12. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-34382 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.2.18. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-33907 MEDIUM This Month

Missing Authorization vulnerability in Michael Nelson Print My Blog print-my-blog.26.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-33910 MEDIUM This Month

Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.7.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34372 MEDIUM This Month

Missing Authorization vulnerability in AddonMaster Post Grid Master.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Post Grid Master
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-33908 MEDIUM This Month

Missing Authorization vulnerability in Themesgrove WidgetKit.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-34383 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-33117 MEDIUM This Month

crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Crmeb Java
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-34093 MEDIUM This Month

An issue was discovered in Archer Platform 6 before 2024.03. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-23193 MEDIUM This Month

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-34529 MEDIUM PATCH This Month

Nebari through 2024.4.1 prints the temporary Keycloak root password. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-20058 MEDIUM This Month

In keyInstall, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-33570 MEDIUM This Month

Missing Authorization vulnerability in Roxnor Metform metform.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-34377 MEDIUM This Month

Missing Authorization vulnerability in A WP Life Video Gallery - Api Gallery, YouTube and Vimeo, Link Gallery.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-34389 MEDIUM This Month

Missing Authorization vulnerability in AF themes WP Post Author.6.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Post Author
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34371 MEDIUM This Month

Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.7.18. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34387 MEDIUM This Month

Missing Authorization vulnerability in AF themes WP Post Author.6.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Post Author
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34379 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Restaurant And Cafe
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-26312 MEDIUM This Month

Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy