Skip to main content
CVE-2024-4815 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240506. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.4%
CVE-2024-4814 MEDIUM This Month

A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.4%
CVE-2024-4813 MEDIUM This Month

A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.4%
CVE-2024-4790 MEDIUM This Month

A vulnerability classified as problematic has been found in DedeCMS 5.7.114. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Path Traversal Dedecms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2024-34080 MEDIUM PATCH This Month

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mantisbt
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-32672 MEDIUM This Month

A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-32669 MEDIUM This Month

Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-30208 MEDIUM This Month

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2024-27821 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Path Traversal Apple Ipados Iphone Os macOS +1
NVD VulDB
CVSS 3.1
4.7
EPSS
2.4%
CVE-2024-0862 MEDIUM This Month

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-28135 MEDIUM This Month

A low privileged remote attacker can use a command injection vulnerability in the API which performs remote code execution as the user-app user due to improper input validation. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware +1
NVD
CVSS 3.1
5.0
EPSS
1.3%
CVE-2024-33008 MEDIUM This Month

SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow SAP Memory Corruption
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-33867 MEDIUM This Month

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Linqi
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-33583 MEDIUM This Month

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-33497 MEDIUM This Month

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-33496 MEDIUM This Month

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-32637 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10),. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Jt2Go Parasolid Teamcenter Visualization
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2024-3796 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupSchedule, description field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbsairback
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3795 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/BackupTemplate, name / description fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbsairback
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3794 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/AdvancedSystem, description field, all parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbsairback
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3793 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/CloudAccounts, account name / user password / server fields, all parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbsairback
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3792 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/DeviceReplication, execution range field, all parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbsairback
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-3791 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbsairback
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3790 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting (XSS) through /admin/SystemUsers, login / description fields, passwd1/ passwd2 parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wbsairback
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-34349 MEDIUM PATCH This Month

Sylius is an open source eCommerce platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-34081 MEDIUM PATCH This Month

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Mantisbt
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-32997 MEDIUM This Month

Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect availability. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-33819 MEDIUM This Month

Globitel KSA SpeechLog v8.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Save Query function. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2024-3068 MEDIUM PATCH This Month

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Custom Field Suite
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2024-2846 MEDIUM This Month

The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-34433 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import.2.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization One Click Demo Import
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-4417 MEDIUM This Month

The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-35172 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.8.3. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-25965 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-31113 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.2.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Digital Downloads
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-6812 MEDIUM PATCH This Month

The WP Compress - Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Open Redirect Wp Compress
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1693 MEDIUM This Month

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33956 MEDIUM This Month

Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-33942 MEDIUM This Month

Missing Authorization vulnerability in Eric Alli Google Typography.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-34817 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1467 MEDIUM This Month

The Starter Templates - Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34827 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress.7.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-4689 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34828 MEDIUM PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin.1.32. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34825 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Social Warfare.4.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34823 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter.7.2.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34557 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34439 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Message.14.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-34427 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts.6.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1230 MEDIUM This Month

The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress CSRF
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 8 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy