Skip to main content
CVE-2024-21862 HIGH PATCH This Week

Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Quartus Prime
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-21837 HIGH PATCH This Week

Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Quartus Prime
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-21814 HIGH This Week

Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Chipset Device Software
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-21809 HIGH PATCH This Week

Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Quartus Prime
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-21777 HIGH PATCH This Week

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Intel Quartus Prime
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-22095 HIGH This Week

Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local. Rated high severity (CVSS 7.2). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-3640 HIGH This Week

An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Rockwell
NVD
CVSS 4.0
7.0
EPSS
0.3%
CVE-2024-22379 MEDIUM This Month

Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-21843 MEDIUM This Month

Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-21841 MEDIUM This Month

Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-21828 MEDIUM This Month

Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7). No vendor patch available.

Authentication Bypass Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-21818 MEDIUM This Month

Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-21774 MEDIUM This Month

Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-4279 MEDIUM PATCH This Month

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Tutor Lms
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34760 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS.3.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22015 MEDIUM This Month

Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34805 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4984 MEDIUM This Month

The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD GitHub
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-4391 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Happy Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4478 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Happy Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-3134 MEDIUM This Month

The Master Addons - Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Master Addons
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4546 MEDIUM This Month

The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4385 MEDIUM PATCH This Month

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Envo Extra
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4580 MEDIUM PATCH This Month

The Master Addons - Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Master Addons
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4634 MEDIUM PATCH This Month

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfe_svg_mime_types’ function in versions up to, and including, 1.6.28 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor Header Footer Builder Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4617 MEDIUM This Month

The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4288 MEDIUM PATCH This Month

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simply Schedule Appointments
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4635 MEDIUM This Month

The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4400 MEDIUM PATCH This Month

The Post and Page Builder by BoldGrid - Visual Drag and Drop Editor plguin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Post And Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4760 MEDIUM This Month

A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-34582 MEDIUM This Month

Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-35302 MEDIUM This Month

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-35300 MEDIUM This Month

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-34273 MEDIUM PATCH This Month

njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-30287 MEDIUM This Month

Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-30286 MEDIUM This Month

Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-30283 MEDIUM This Month

Adobe Framemaker versions 2020.5, 2022.3 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-35301 MEDIUM This Month

In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-30309 MEDIUM This Month

Substance3D - Painter versions 9.1.2 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-30308 MEDIUM This Month

Substance3D - Painter versions 9.1.2 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-30298 MEDIUM This Month

Animate versions 24.0.2, 23.0.5 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Animate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-30281 MEDIUM This Month

Substance3D - Designer versions 13.1.1 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-20793 MEDIUM This Month

Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-3887 MEDIUM This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Royal Elementor Addons Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-4993 MEDIUM This Month

Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Siadmin
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-35185 MEDIUM PATCH This Month

Minder is a software supply chain security platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-35176 MEDIUM PATCH This Month

REXML is an XML toolkit for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rexml
NVD GitHub
CVSS 3.1
5.3
EPSS
2.1%
CVE-2024-4965 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link PHP Command Injection Dar 7000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.9%
CVE-2024-4964 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link PHP File Upload Dar 7000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.5%
CVE-2024-4963 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link PHP File Upload Dar 7000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy