Skip to main content
CVE-2024-32998 MEDIUM This Month

NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-32996 MEDIUM This Month

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-32995 MEDIUM This Month

Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-32993 MEDIUM This Month

Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Race Condition Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-27400 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27399 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-27393 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0098 MEDIUM This Month

NVIDIA ChatRTX for Windows contains a vulnerability in the ChatRTX UI and backend, where a user can cause a clear-text transmission of sensitive information issue by data sniffing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Microsoft Chatrtx
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-3956 MEDIUM This Month

The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-1229 MEDIUM This Month

The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-3722 MEDIUM This Month

The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-34816 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io - Easy Meeting Scheduler.Io - Easy Meeting Scheduler: from n/a through 0.9.5.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-34814 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Unyson Unyson unyson.7.29. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32100 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.2.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easy Digital Downloads
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-4213 MEDIUM This Month

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-4562 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-30053 MEDIUM This Month

Azure Migrate Cross-Site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Azure Migrate
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-30050 MEDIUM This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.4
EPSS
11.5%
CVE-2024-30041 MEDIUM This Month

Microsoft Bing Search Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Bing Search
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-34357 MEDIUM PATCH This Month

TYPO3 is an enterprise content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-34356 MEDIUM PATCH This Month

TYPO3 is an enterprise content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-34355 MEDIUM PATCH This Month

TYPO3 is an enterprise content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-32077 MEDIUM PATCH This Month

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Airflow
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2024-4606 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-4425 MEDIUM This Month

The access control in CemiPark software stores integration (e.g. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-4232 MEDIUM This Month

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.4
EPSS
0.3%
CVE-2024-3462 MEDIUM This Month

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-30055 MEDIUM This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-28781 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-28761 MEDIUM PATCH This Month

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS App Connect Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-6327 MEDIUM PATCH This Month

The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Shoplentor
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-35165 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34812 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme ShopBuilder - Elementor WooCommerce Builder Addons shopbuilder.1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35171 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.9.25. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Academy Lms
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34556 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34550 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.3.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34549 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic WP Job Manager.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-35166 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird.6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filebird
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0870 MEDIUM This Month

The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-3915 MEDIUM This Month

The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-32719 MEDIUM This Month

Missing Authorization vulnerability in WP Club Manager WP Club Manager wp-club-manager.2.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-4280 MEDIUM This Month

The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-35175 MEDIUM PATCH This Month

sshpiper is a reverse proxy for sshd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-4561 MEDIUM This Month

In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-3374 MEDIUM This Month

An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes.0 versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-34914 MEDIUM PATCH This Month

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-34717 MEDIUM PATCH This Month

PrestaShop is an open source e-commerce web application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Prestashop
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-34358 MEDIUM PATCH This Month

TYPO3 is an enterprise content management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Typo3
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-27947 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Crossbow
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-4816 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.4%
Prev Page 7 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy