Skip to main content
CVE-2024-34423 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpbits Forty Four - 404 Plugin for WordPress allows Stored XSS.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34422 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trinhtuantai Viet Affiliate Link allows Stored XSS.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34419 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nathan Vonnahme Configure Login Timeout allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-34425 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Baylog QuickieBar allows Stored XSS.8.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-35169 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in all_bootstrap_blocks All Bootstrap Blocks all-bootstrap-blocks.3.15. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-34418 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-34417 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toidicode.Com (thanhtaivtt) Viet Nam Affiliate allows Stored XSS.0.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-34811 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.5.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Sms
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-34420 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in talspotim Comments Evolved for WordPress allows Stored XSS.6.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-34437 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.15.24. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Form Maker
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-4769 MEDIUM This Month

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-33864 MEDIUM This Month

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Linqi
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-34704 MEDIUM This Month

era-compiler-solidity is the ZKsync compiler for Solidity. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-34701 MEDIUM This Month

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-33950 MEDIUM This Month

Administrator Cross Site Scripting (XSS) in Archives Calendar Widget <= 1.0.15 versions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-32985 MEDIUM This Month

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-30171 MEDIUM PATCH This Month

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-26306 MEDIUM This Month

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure OpenSSL Iperf3 Bootstrap Os
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2024-30801 MEDIUM This Month

SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE SQLi
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
1.6%
CVE-2024-27106 MEDIUM This Month

Vulnerable data in transit in GE HealthCare EchoPAC products. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-4859 MEDIUM This Month

Solidus <= 4.3.4 is affected by a Stored Cross-Site Scripting vulnerability in the order tracking URL. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-33876 MEDIUM This Month

HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-33875 MEDIUM This Month

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-32610 MEDIUM This Month

HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-32607 MEDIUM This Month

HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-32606 MEDIUM This Month

HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c). Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-29166 MEDIUM This Month

HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow RCE Denial Of Service Hdf5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2024-27841 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27789 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27810 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27827 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-23236 MEDIUM This Month

A correctness issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27816 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-23229 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27847 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-30059 MEDIUM This Month

Microsoft Intune for Android Mobile Application Management Tampering Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Intune Mobile Application Management
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-30039 MEDIUM This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-30037 MEDIUM This Month

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
5.5
EPSS
5.3%
CVE-2024-30034 MEDIUM This Month

Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Memory Corruption Windows 10 1809 Windows 10 21h2 +7
NVD
CVSS 3.1
5.5
EPSS
6.9%
CVE-2024-30016 MEDIUM This Month

Windows Cryptographic Services Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-30008 MEDIUM This Month

Windows DWM Core Library Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-33866 MEDIUM This Month

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Linqi
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-32731 MEDIUM This Month

SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-25969 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-4840 MEDIUM This Month

An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-4693 MEDIUM This Month

A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-4046 MEDIUM This Month

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-3461 MEDIUM This Month

KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Kioware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-34353 MEDIUM PATCH This Month

The matrix-sdk-crypto crate, part of the Matrix Rust SDK project, is an implementation of a Matrix end-to-end encryption state machine in Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-32999 MEDIUM This Month

Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.2%
Prev Page 6 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy