Skip to main content
CVE-2024-4361 MEDIUM PATCH This Month

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-3345 MEDIUM PATCH This Month

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shoplentor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4876 MEDIUM PATCH This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popover_header_text’ parameter in versions up to, and including, 2.5.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ht Mega
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-3155 MEDIUM This Month

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4452 MEDIUM This Month

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Elementskit
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4470 MEDIUM This Month

The Master Slider - Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Master Slider
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4710 MEDIUM This Month

The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ubermenu-col, ubermenu_mobile_close_button, ubermenu_toggle, ubermenu-search shortcodes in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4943 MEDIUM PATCH This Month

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Blocksy
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-36039 MEDIUM PATCH This Month

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-34071 MEDIUM PATCH This Month

Umbraco is an ASP.NET CMS used by more than 730.000 websites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Umbraco Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-35180 MEDIUM PATCH This Month

OMERO.web provides a web based client and plugin infrastructure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Omero Web
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-1721 MEDIUM This Month

Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.1. Rated medium severity (CVSS 5.6). No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2021-47316 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix NULL dereference in nfs3svc_encode_getaclres In error cases the dentry may be NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-52737 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap Currently fiemap does not take the inode's lock (VFS lock), it only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-0816 MEDIUM This Month

The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Lte3202 M437 Firmware Lte3301 Plus Firmware Lte5388 M804 Firmware +62
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-3268 MEDIUM PATCH This Month

The YouTube Video Gallery by YouTube Showcase - Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Youtube Video Gallery
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-4875 MEDIUM PATCH This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Ht Mega
NVD
CVSS 3.1
4.3
EPSS
3.8%
CVE-2024-22275 MEDIUM This Month

The vCenter Server contains a partial file read vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-35218 MEDIUM PATCH This Month

Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Umbraco Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-33525 MEDIUM This Month

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-34274 LOW Monitor

OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE
NVD GitHub
CVSS 3.1
3.9
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy