Skip to main content
CVE-2024-4038 MEDIUM This Month

The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE Code Injection
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-25967 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-31953 MEDIUM This Month

An issue was discovered in Samsung Magician 8.0.0 on macOS. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Apple RCE Samsung Magician
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-31952 MEDIUM This Month

An issue was discovered in Samsung Magician 8.0.0 on macOS. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Apple Samsung Magician
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-27460 MEDIUM This Month

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Poly Plantronics Hub
NVD
CVSS 3.1
6.7
EPSS
1.7%
CVE-2024-3788 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wbsairback
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2024-3787 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 disks (/admin/DeviceS3). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wbsairback
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2024-32717 MEDIUM This Month

Missing Authorization vulnerability in WPDeveloper SchedulePress.0.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27852 MEDIUM This Month

A privacy issue was addressed with improved client ID handling for alternative app marketplaces. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-34441 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bootstrapped Ventures Easy Affiliate Links allows Stored XSS.7.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34421 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsurface BlogLentor allows Stored XSS.0.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34415 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Thim Elementor Kit allows Stored XSS.1.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33955 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Freesia Empire allows Stored XSS.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33954 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atanas Yonkov Pliska allows Stored XSS.3.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33953 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt van Andel Adventure Journal allows Stored XSS.7.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33952 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Unique allows Stored XSS.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-33951 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam DeHaven Perfect Pullquotes allows Stored XSS.7.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32776 MEDIUM This Month

Missing Authorization vulnerability in AppPresser Team AppPresser.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apppresser
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-4445 MEDIUM PATCH This Month

The WP Compress - Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass XSS WordPress Wp Compress
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34436 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Skt Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34432 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.4.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Better Elementor Addons Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-35167 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Envo S Elementor Templates Widgets For Woocommerce Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34445 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Skt Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-4440 MEDIUM This Month

The 140+ Widgets | Best Addons For Elementor - FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.7%
CVE-2024-4448 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-33938 MEDIUM This Month

Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-4473 MEDIUM PATCH This Month

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Sydney Toolbox
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-31483 MEDIUM This Month

An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4774 MEDIUM This Month

The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-30054 MEDIUM This Month

Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Powerbi Javascript
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-30036 MEDIUM This Month

Windows Deployment Services Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2024-30019 MEDIUM This Month

DHCP Server Service Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +2
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2024-30011 MEDIUM This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2024-34712 MEDIUM PATCH This Month

Oceanic is a NodeJS library for interfacing with Discord. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-34191 MEDIUM This Month

htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Htmly
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-33647 MEDIUM This Month

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27946 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ruggedcom Crossbow
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-25970 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-22268 MEDIUM This Month

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service Memory Corruption Workstation +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1914 MEDIUM This Month

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Robotware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-4597 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab CSRF
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4539 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-3789 MEDIUM This Month

Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Wbsairback
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-34699 MEDIUM This Month

GZ::CTF is a capture the flag platform. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-34354 MEDIUM This Month

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-32730 MEDIUM This Month

SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-32476 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-2651 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
33.3%
CVE-2024-2454 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
33.3%
CVE-2024-22064 MEDIUM This Month

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxun Epdg
NVD
CVSS 3.1
6.5
EPSS
0.5%
Prev Page 10 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy