Skip to main content
CVE-2024-34390 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Grid Master
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34374 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementsready
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34380 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-34373 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-23188 MEDIUM This Month

Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-6854 MEDIUM This Month

The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-33121 MEDIUM This Month

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Roothub
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-4511 MEDIUM This Month

A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-34078 MEDIUM PATCH This Month

html-sanitizer is an allowlist-based HTML cleaner. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-23187 MEDIUM This Month

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-23186 MEDIUM This Month

E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-33600 MEDIUM This Month

nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Glibc Debian Linux Active Iq Unified Manager +10
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34413 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SliceWP allows Stored XSS.1.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-34375 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.7.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-34366 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AltText.Ai Download Alt Text AI allows Stored XSS.3.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-20060 MEDIUM This Month

In da, there is a possible escalation of privilege due to an incorrect status check. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-1695 MEDIUM This Month

A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. Rated medium severity (CVSS 5.7). No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-4568 MEDIUM This Month

In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-34091 MEDIUM This Month

An issue was discovered in Archer Platform 6 before 2024.04. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-34090 MEDIUM This Month

An issue was discovered in Archer Platform 6 before 2024.04. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-34089 MEDIUM This Month

An issue was discovered in Archer Platform 6 before 2024.04. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-34064 MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jinja Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-34368 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager.15.12. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-34382 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RoboSoft Robo Gallery.2.18. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-33907 MEDIUM This Month

Missing Authorization vulnerability in Michael Nelson Print My Blog print-my-blog.26.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-33910 MEDIUM This Month

Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.7.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34372 MEDIUM This Month

Missing Authorization vulnerability in AddonMaster Post Grid Master.4.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Post Grid Master
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-33908 MEDIUM This Month

Missing Authorization vulnerability in Themesgrove WidgetKit.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-34383 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-33117 MEDIUM This Month

crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Crmeb Java
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-34093 MEDIUM This Month

An issue was discovered in Archer Platform 6 before 2024.03. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Archer
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-23193 MEDIUM This Month

E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-34529 MEDIUM PATCH This Month

Nebari through 2024.4.1 prints the temporary Keycloak root password. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-20058 MEDIUM This Month

In keyInstall, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-33570 MEDIUM This Month

Missing Authorization vulnerability in Roxnor Metform metform.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-34377 MEDIUM This Month

Missing Authorization vulnerability in A WP Life Video Gallery - Api Gallery, YouTube and Vimeo, Link Gallery.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-34389 MEDIUM This Month

Missing Authorization vulnerability in AF themes WP Post Author.6.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Post Author
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34371 MEDIUM This Month

Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.7.18. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34387 MEDIUM This Month

Missing Authorization vulnerability in AF themes WP Post Author.6.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Post Author
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34379 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Restaurant And Cafe
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-26312 MEDIUM This Month

Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy