Skip to main content
CVE-2024-34445 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Skt Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-4440 MEDIUM This Month

The 140+ Widgets | Best Addons For Elementor - FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.7%
CVE-2024-4448 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-33938 MEDIUM This Month

Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-4473 MEDIUM PATCH This Month

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Sydney Toolbox
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-31483 MEDIUM This Month

An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4774 MEDIUM This Month

The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-30054 MEDIUM This Month

Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Powerbi Javascript
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-30036 MEDIUM This Month

Windows Deployment Services Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2024-30019 MEDIUM This Month

DHCP Server Service Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +2
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2024-30011 MEDIUM This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2024-34712 MEDIUM PATCH This Month

Oceanic is a NodeJS library for interfacing with Discord. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-34191 MEDIUM This Month

htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Htmly
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-33647 MEDIUM This Month

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27946 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ruggedcom Crossbow
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-25970 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-22268 MEDIUM This Month

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow VMware Denial Of Service Memory Corruption Workstation +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1914 MEDIUM This Month

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Robotware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-4597 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab CSRF
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4539 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-3789 MEDIUM This Month

Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Denial Of Service Wbsairback
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-34699 MEDIUM This Month

GZ::CTF is a capture the flag platform. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-34354 MEDIUM This Month

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-32730 MEDIUM This Month

SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-32476 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-2651 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
33.3%
CVE-2024-2454 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
33.3%
CVE-2024-22064 MEDIUM This Month

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Zxun Epdg
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-4392 MEDIUM This Month

The Jetpack - WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Jetpack
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4574 MEDIUM This Month

The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4624 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugins for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_ext_toc_title_tag’. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-2785 MEDIUM PATCH This Month

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress The Plus Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4567 MEDIUM PATCH This Month

The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Themify Shortcodes
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-2923 MEDIUM PATCH This Month

The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Magical Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4209 MEDIUM PATCH This Month

The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Gutenberg Blocks With Ai
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4430 MEDIUM PATCH This Month

The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Beaver Builder
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-3916 MEDIUM This Month

The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4666 MEDIUM PATCH This Month

The Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Borderless
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4481 MEDIUM PATCH This Month

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Gutenberg Blocks With Ai
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-3831 MEDIUM This Month

The Enter Addons - Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Enter Addons
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4383 MEDIUM PATCH This Month

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simple Membership
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4490 MEDIUM This Month

The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4193 MEDIUM This Month

The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-0445 MEDIUM This Month

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress The Plus Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4411 MEDIUM This Month

The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6.5.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4316 MEDIUM This Month

The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google WordPress XSS Embedpress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3989 MEDIUM This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ht Mega
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3680 MEDIUM This Month

The Enter Addons - Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Enter Addons
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3595 MEDIUM This Month

The Pure Chat - Live Chat Plugin & More!. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4398 MEDIUM This Month

The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
Prev Page 4 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy